Red Hat Grub2 Memory Allocation Vulnerability in Argument List Handling

Vulnerability

A vulnerability exists in Grub2 where the 'grub_extcmd_dispatcher()' function allocates memory for the argument list but does not check whether the allocation succeeded. If the allocation fails, a NULL pointer can be processed by the 'parse_option()' function, causing Grub to crash or, in rare cases, corrupt the IVT data.
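
The unchecked-allocation pattern described above, next to its checked form, as an added example: this is a simplified model and not GRUB source code or the Red Hat fix. Every name in it (`model_alloc`, `model_parse_option`, `dispatch_unchecked`, `dispatch_checked`, `fail_alloc`) is hypothetical, and the argument strings are constructed.

```c
/* Simplified model of the defect class; not GRUB source. All names are hypothetical. */
#include <stdio.h>
#include <stdlib.h>

struct arg_state { int set; const char *value; };
static int fail_alloc = 0;   /* fault-injection hook: 1 simulates out-of-memory */

static void *model_alloc(size_t n, size_t size) { return fail_alloc ? NULL : calloc(n, size); }

/* Stand-in for the option parser: it writes through the state pointer. */
static void model_parse_option(struct arg_state *state, int idx, const char *val)
{
    state[idx].set = 1;
    state[idx].value = val;
}

/* Unchecked form: if model_alloc() returns NULL the parser writes at address 0.
 * A hosted OS faults here; the advisory says GRUB may instead corrupt IVT data. */
int dispatch_unchecked(int argc, const char **argv)
{
    struct arg_state *state = model_alloc((size_t)argc, sizeof *state);
    for (int i = 0; i < argc; i++)
        model_parse_option(state, i, argv[i]);
    free(state);
    return argc;
}

/* Checked form: fail the command cleanly before the parser sees the pointer. */
int dispatch_checked(int argc, const char **argv)
{
    if (argc <= 0) return 0;           /* nothing to parse, nothing to allocate */
    struct arg_state *state = model_alloc((size_t)argc, sizeof *state);
    if (state == NULL) return -1;      /* report out-of-memory to the caller */
    for (int i = 0; i < argc; i++)
        model_parse_option(state, i, argv[i]);
    free(state);
    return argc;                       /* number of options parsed */
}

int main(void)
{
    const char *args[] = { "--verbose", "--root=hd0" };   /* constructed input */
    fail_alloc = 1;
    printf("checked, allocation fails: %d\n", dispatch_checked(2, args));
    fail_alloc = 0;
    printf("checked, allocation ok:    %d\n", dispatch_checked(2, args));
    return 0;
}
```

Setting `fail_alloc` exercises the out-of-memory path on demand, which is the branch ordinary testing rarely reaches.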

Impact

Exploitation of this vulnerability can cause Grub to crash or, in some rare scenarios, corrupt the IVT data.

Remediation

Users can apply the available update for Grub2 in Red Hat Enterprise Linux 9. For details on how to apply this update, refer to the Red Hat Enterprise Linux 9 Update Instructions.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 7.8
impact: 2.5
exploitability: 2.8
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.