GRUB2 HFS Filesystem Heap-Based Out-of-Bounds Write Vulnerability Leading to Secure Boot Bypass

Vulnerability

A heap-based out-of-bounds write vulnerability has been identified in the GRUB2 bootloader's HFS filesystem driver. This issue arises because the driver improperly validates the length of user-provided volume names before using them in a strcpy() operation. As a result, this flaw can corrupt memory, potentially allowing for the execution of arbitrary code. Furthermore, it jeopardizes the integrity of GRUB's sensitive data and could be exploited to bypass secure boot protections.

Impact

Exploitation of this vulnerability could lead to memory corruption, allowing for the modification of GRUB's sensitive data integrity. This memory corruption could be leveraged to execute unauthorized code, with the added consequence of bypassing secure boot protections.

Added: Sep 1, 2025, 7:22 PM

Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

3.3

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

3.3

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

GRUB2 HFS Filesystem Heap-Based Out-of-Bounds Write Vulnerability Leading to Secure Boot Bypass

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating