GRUB gettext Module Use-After-Free Vulnerability

Vulnerability

A use-after-free vulnerability has been identified in the gettext module of GRUB. The module's command, gettext, stays registered in GRUB's command list even after the module itself has been unloaded and its memory released. An attacker can exploit this flaw by invoking the lingering command, which causes GRUB to dereference memory that has already been freed. This exploitation can cause GRUB to crash, resulting in a denial-of-service condition. Additionally, there is a potential risk of compromising data integrity or confidentiality.

Impact

Exploitation of this vulnerability can cause GRUB to crash, leading to a denial-of-service condition. In addition, there is a potential risk of compromising data integrity or confidentiality.

Remediation

The vulnerability has been fixed by adding an unregister call for the gettext command in the module's unload path, so that no command entry outlives the module that owns its handler. Users should upgrade to a version of GRUB that includes this fix.
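The following C program is an added, constructed model of the bug class described above and is not GRUB's own code: a global command registry whose entries point at the module that owns their handler, a module that registers a command at load time, a buggy unload that frees the module without unregistering, and the fixed unload that unregisters first. All names (cmd_register, cmd_unregister, module_load_gettext, module_unload_buggy, module_unload_fixed, module_live_commands) are hypothetical. The check only inspects the registry for a stale entry; it never reads the freed module memory.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed model of a GRUB-style command registry (illustrative code, not
 * GRUB's own implementation). Commands live in a global linked list and each
 * one points at the module that owns its handler, so a module that is freed
 * without unregistering its commands leaves a dangling entry behind. */

struct cmd;
typedef int (*cmd_func)(struct cmd *self, int argc, char **argv);

struct module {
    char name[32];
    int loaded;
};

struct cmd {
    const char *name;
    cmd_func func;
    struct module *owner;   /* dangling once the owner has been freed */
    struct cmd *next;
};

static struct cmd *cmd_list;   /* global registry (hypothetical name) */

/* Handler body of the hypothetical gettext command: it touches its owner
 * module, which is exactly the access that goes wrong after a buggy unload. */
static int gettext_cmd(struct cmd *self, int argc, char **argv) {
    (void)argc; (void)argv;
    return self->owner->loaded ? 0 : -1;
}

struct cmd *cmd_register(const char *name, cmd_func func, struct module *owner) {
    struct cmd *c = calloc(1, sizeof *c);
    if (!c) return NULL;
    c->name = name; c->func = func; c->owner = owner;
    c->next = cmd_list; cmd_list = c;
    return c;
}

struct cmd *cmd_find(const char *name) {
    for (struct cmd *c = cmd_list; c; c = c->next)
        if (strcmp(c->name, name) == 0) return c;
    return NULL;
}

void cmd_unregister(const char *name) {
    for (struct cmd **pp = &cmd_list; *pp; pp = &(*pp)->next)
        if (strcmp((*pp)->name, name) == 0) {
            struct cmd *dead = *pp; *pp = dead->next; free(dead); return;
        }
}

/* Number of registered commands still owned by `m`; a module with a non-zero
 * count must not be freed yet. Useful as a guard in a generic unload path. */
int module_live_commands(const struct module *m) {
    int n = 0;
    for (struct cmd *c = cmd_list; c; c = c->next) if (c->owner == m) n++;
    return n;
}

/* Module init: allocate the module and register its command. */
struct module *module_load_gettext(void) {
    struct module *m = calloc(1, sizeof *m);
    if (!m) return NULL;
    strcpy(m->name, "gettext");
    m->loaded = 1;
    cmd_register("gettext", gettext_cmd, m);
    return m;
}

/* Buggy fini: frees the module but forgets the command, so cmd_list keeps an
 * entry whose owner (and handler code) no longer exist. */
void module_unload_buggy(struct module *m) { free(m); }

/* Fixed fini: unregister the command before the module memory goes away. */
void module_unload_fixed(struct module *m) {
    cmd_unregister("gettext");
    free(m);
}

/* Load, unload (with or without the fix) and report whether a stale command
 * entry survives. Only the registry is inspected; no freed memory is read. */
int stale_command_after_unload(int with_fix) {
    struct module *m = module_load_gettext();
    if (!m) return -1;
    if (with_fix) module_unload_fixed(m); else module_unload_buggy(m);
    int stale = cmd_find("gettext") != NULL;
    cmd_unregister("gettext");   /* reset the registry for repeated calls */
    return stale;
}

int main(void) {
    struct module *m = module_load_gettext();
    printf("live commands before unload: %d\n", module_live_commands(m));
    module_unload_fixed(m);
    printf("stale entry after buggy unload: %d\n", stale_command_after_unload(0));
    printf("stale entry after fixed unload: %d\n", stale_command_after_unload(1));
    return 0;
}
```

The module_live_commands guard is the generalisation a reviewer would want beyond this one command: an unload routine that refuses to free a module while any registry entry still references it catches the same mistake in every module, not just gettext.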

Added: Nov 18, 2025, 7:21 PM
Updated: Nov 18, 2025, 10:21 PM

Vulnerability Rating

Custom Algorithm

spread: 8.4
impact: 3.8
exploitability: 4.3
remediation: 0.0
relevance: 1.1
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.