CVE-2024-45780 — MEDIUM (6.7)

Q: How severe is CVE-2024-45780?

CVE-2024-45780 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2024-45780?

Check the references section above for vendor advisories and patch information. Affected products include: Gnu Grub2.

Vulnerability Description

A flaw was found in grub2. When reading tar files, grub2 allocates an internal buffer for the file name. However, it fails to properly verify the allocation against possible integer overflows. It's possible to cause the allocation length to overflow with a crafted tar file, leading to a heap out-of-bounds write. This flaw eventually allows an attacker to circumvent secure boot protections.

CVSS Score

6.7

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Gnu	Grub2	<= 2.12

Related Weaknesses (CWE)

CWE-787

References

https://access.redhat.com/security/cve/CVE-2024-45780Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2345856Issue Tracking
https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.htmlMailing List

FAQ

What is CVE-2024-45780?

CVE-2024-45780 is a vulnerability with a CVSS score of 6.7 (MEDIUM). A flaw was found in grub2. When reading tar files, grub2 allocates an internal buffer for the file name. However, it fails to properly verify the allocation against possible integer overflows. It's po...

How severe is CVE-2024-45780?

CVE-2024-45780 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-45780?

Check the references section above for vendor advisories and patch information. Affected products include: Gnu Grub2.