Description

A flaw was found in grub2. When reading tar files, grub2 allocates an internal buffer for the file name. However, it fails to properly verify the allocation against possible integer overflows. It's possible to cause the allocation length to overflow with a crafted tar file, leading to a heap out-of-bounds write. This flaw eventually allows an attacker to circumvent secure boot protections.

INFO

Published Date :

2025-03-03T14:18:50.957Z

Last Modified :

2026-02-25T19:23:50.329Z

Source :

redhat
AFFECTED PRODUCTS

The following products are affected by CVE-2024-45780 vulnerability.

Vendors Products
Redhat
  • Enterprise Linux
  • Openshift
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-45780.

URL Resource
https://access.redhat.com/security/cve/CVE-2024-45780 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=2345856 cve-icon cve-icon
https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-45780 cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-45780 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact