Vulnerability Details CVE-2024-45782
A flaw was found in the HFS filesystem. When reading an HFS volume's name at grub_fs_mount(), the HFS filesystem driver performs a strcpy() using the user-provided volume name as input without properly validating the volume name's length. This issue may read to a heap-based out-of-bounds writer, impacting grub's sensitive data integrity and eventually leading to a secure boot protection bypass.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 2.3%
CVSS Severity
CVSS v3 Score 7.8
References
Products affected by CVE-2024-45782
-
cpe:2.3:a:gnu:grub2:-
-
cpe:2.3:a:gnu:grub2:1.98
-
cpe:2.3:a:gnu:grub2:1.99
-
cpe:2.3:a:gnu:grub2:2.00
-
cpe:2.3:a:gnu:grub2:2.01
-
cpe:2.3:a:gnu:grub2:2.02
-
cpe:2.3:a:gnu:grub2:2.04
-
cpe:2.3:a:gnu:grub2:2.06
-
cpe:2.3:a:gnu:grub2:2.06-150400.7.1
-
cpe:2.3:a:gnu:grub2:2.06-18.1
-
cpe:2.3:a:gnu:grub2:2.12
-
cpe:2.3:a:redhat:openshift_container_platform:4.0
-
cpe:2.3:o:redhat:enterprise_linux:7.0
-
cpe:2.3:o:redhat:enterprise_linux:8.0
-
cpe:2.3:o:redhat:enterprise_linux:9.0