Grub2 Lockdown Bypass Vulnerability Allowing Memory Dump in Red Hat Products

Vulnerability

A vulnerability exists in Grub2 where the 'dump' command is not restricted during lockdown mode. This oversight enables users to access memory information, potentially allowing attackers to extract sensitive data such as signatures and salts from memory. This issue has been identified in multiple Red Hat Enterprise Linux versions and Red Hat OpenShift Container Platform 4.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive information stored in memory, including cryptographic signatures and salts.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

7.8

impact

2.5

exploitability

2.8

remediation

7.9

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

7.8

impact

2.5

exploitability

2.8

remediation

7.9

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Grub2 Lockdown Bypass Vulnerability Allowing Memory Dump in Red Hat Products

Vulnerability

Impact

Affected Products

grub2

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating