grub2
cpe:2.3:a:gnu:grub:*:*:*:*:*:*:*
- <= 2.12
An out-of-bounds write vulnerability has been identified in Grub2 versions through 2.12. During the network boot process, Grub2 fails to properly validate the length of user-controlled environment variables before copying their contents into an internal buffer. This missing length check creates an out-of-bounds write condition which, if exploited, could lead to remote code execution by an attacker on the same network segment. This vulnerability also has the potential to bypass Secure Boot protections.
Exploitation of this vulnerability could result in unauthorized remote code execution, with the added risk of circumventing Secure Boot protections.
Users can upgrade to Grub2 versions 2.12 or later to address this vulnerability. Red Hat Enterprise Linux and OpenShift Container Platform users can follow the update instructions provided in the respective Red Hat security advisories.