CVE-2025-61662
A Use-After-Free vulnerability has been discovered in GRUB's gettext module. This flaw stems from a programming error where the gettext command remains registered in memory after its module is unloaded. An attacker can exploit this condition by invoking the orphaned command, causing the application to access a memory location that is no longer valid. An attacker could exploit this vulnerability to cause grub to crash, leading to a Denial of Service. Possible data integrity or confidentiality compromise is not discarded.
Vendor
Product
CWE
Yayın Tarihi
2025-11-18 19:15:50
Güncelleme
2026-03-25 05:16:24
Source Identifier
secalert@redhat.com
KEV Date Added
-
Kategoriler
Referanslar
https://access.redhat.com/errata/RHSA-2026:4648
https://access.redhat.com/errata/RHSA-2026:4649
https://access.redhat.com/errata/RHSA-2026:4652
https://access.redhat.com/errata/RHSA-2026:4653
https://access.redhat.com/errata/RHSA-2026:4654
https://access.redhat.com/errata/RHSA-2026:4760
https://access.redhat.com/errata/RHSA-2026:4822
https://access.redhat.com/errata/RHSA-2026:4823
https://access.redhat.com/errata/RHSA-2026:4830
https://access.redhat.com/errata/RHSA-2026:4900
https://access.redhat.com/errata/RHSA-2026:4998
https://access.redhat.com/errata/RHSA-2026:5074
https://access.redhat.com/errata/RHSA-2026:5127
https://access.redhat.com/errata/RHSA-2026:5233
https://access.redhat.com/security/cve/CVE-2025-61662
https://bugzilla.redhat.com/show_bug.cgi?id=2414683
https://lists.gnu.org/archive/html/grub-devel/2025-11/msg00155.html
http://www.openwall.com/lists/oss-security/2025/11/18/5