6.4
CVE-2025-0684 - Grub2: reiserfs: integer overflow when handling symlinks may lead to heap based out-of-bounds writeβ¦
A flaw was found in grub2. When performing a symlink lookup from a reiserfs filesystem, grub's reiserfs fs module uses user-controlled parameters from the filesystem geometry to determine the internal buffer size, however, it improperly checks for integer overflows. A maliciouly crafted filesystem β¦
7.8
CVE-2025-0678 - Grub2: squash4: integer overflow may lead to heap based out-of-bounds write when reading data
A flaw was found in grub2. When reading data from a squash4 filesystem, grub's squash4 fs module uses user-controlled parameters from the filesystem geometry to determine the internal buffer size, however, it improperly checks for integer overflows. A maliciously crafted filesystem may lead some ofβ¦
7.6
CVE-2025-0624 - Grub2: net: out-of-bounds write in grub_net_search_config_file()
A flaw was found in grub2. During the network boot process, when trying to search for the configuration file, grub copies data from a user controlled environment variable into an internal buffer using the grub_strcpy() function. During this step, it fails to consider the environment variable lengthβ¦
6.7
CVE-2024-45780 - Grub2: fs/tar: integer overflow causes heap oob write
A flaw was found in grub2. When reading tar files, grub2 allocates an internal buffer for the file name. However, it fails to properly verify the allocation against possible integer overflows. It's possible to cause the allocation length to overflow with a crafted tar file, leading to a heap out-ofβ¦
6.4
CVE-2025-0685 - Grub2: jfs: integer overflow when handling symlinks may lead to heap based out-of-bounds write whenβ¦
A flaw was found in grub2. When reading data from a jfs filesystem, grub's jfs filesystem module uses user-controlled parameters from the filesystem geometry to determine the internal buffer size, however, it improperly checks for integer overflows. A maliciouly crafted filesystem may lead some of β¦
4.4
CVE-2024-45783 - Grub2: fs/hfs+: refcount can be decremented twice
A flaw was found in grub2. When failing to mount an HFS+ grub, the hfsplus filesystem driver doesn't properly set an ERRNO value. This issue may lead to a NULL pointer access.
4.1
CVE-2024-45778 - Grub2: fs/bfs: integer overflow in the bfs parser.
A stack overflow flaw was found when reading a BFS file system. A crafted BFS filesystem may lead to an uncontrolled loop, causing grub2 to crash.
6.4
CVE-2025-0686 - Grub2: romfs: integer overflow when handling symlinks may lead to heap based out-of-bounds write whβ¦
A flaw was found in grub2. When performing a symlink lookup from a romfs filesystem, grub's romfs filesystem module uses user-controlled parameters from the filesystem geometry to determine the internal buffer size, however, it improperly checks for integer overflows. A maliciously crafted filesystβ¦
7.8
CVE-2024-45782 - Grub2: fs/hfs: strcpy() using the volume name (fs/hfs.c:382)
A flaw was found in the HFS filesystem. When reading an HFS volume's name at grub_fs_mount(), the HFS filesystem driver performs a strcpy() using the user-provided volume name as input without properly validating the volume name's length. This issue may read to a heap-based out-of-bounds writer, imβ¦
6.4
CVE-2025-0622 - Grub2: command/gpg: use-after-free due to hooks not being removed on module unload
A flaw was found in command/gpg. In some scenarios, hooks created by loaded modules are not removed when the related module is unloaded. This flaw allows an attacker to force grub2 to call the hooks once the module that registered it was unloaded, leading to a use-after-free vulnerability. If correβ¦