CVE-2025-0624 - Vulnerability Details

A flaw was found in grub2. During the network boot process, when trying to search for the configuration file, grub copies data from a user controlled environment variable into an internal buffer using the grub_strcpy() function. During this step, it fails to consider the environment variable length when allocating the internal buffer, resulting in an out-of-bounds write. If correctly exploited, this issue may result in remote code execution through the same network segment grub is searching for the boot information, which can be used to by-pass secure boot protections.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Redhat	Enterprise Linux Openshift Rhel Aus Rhel E4s Rhel Els Rhel Eus Rhel Tus

No data.

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 7 Extended Lifecycle Support
grub2-1:2.02-0.87.el7_9.15	cpe:/o:redhat:rhel_els:7	RHSA-2025:3396	2025-03-31T00:00:00Z
Red Hat Enterprise Linux 8
grub2-1:2.02-162.el8_10	cpe:/o:redhat:enterprise_linux:8	RHSA-2025:3367	2025-03-27T00:00:00Z
Red Hat Enterprise Linux 8.2 Advanced Update Support
grub2-1:2.02-87.el8_2.13	cpe:/o:redhat:rhel_aus:8.2	RHSA-2025:2784	2025-03-13T00:00:00Z
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
grub2-1:2.02-99.el8_4.12	cpe:/o:redhat:rhel_aus:8.4	RHSA-2025:2655	2025-03-11T00:00:00Z
Red Hat Enterprise Linux 8.4 Telecommunications Update Service
grub2-1:2.02-99.el8_4.12	cpe:/o:redhat:rhel_tus:8.4	RHSA-2025:2655	2025-03-11T00:00:00Z
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
grub2-1:2.02-99.el8_4.12	cpe:/o:redhat:rhel_e4s:8.4	RHSA-2025:2655	2025-03-11T00:00:00Z
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
grub2-1:2.02-123.el8_6.18	cpe:/o:redhat:rhel_aus:8.6	RHSA-2025:2653	2025-03-11T00:00:00Z
Red Hat Enterprise Linux 8.6 Telecommunications Update Service
grub2-1:2.02-123.el8_6.18	cpe:/o:redhat:rhel_tus:8.6	RHSA-2025:2653	2025-03-11T00:00:00Z
Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
grub2-1:2.02-123.el8_6.18	cpe:/o:redhat:rhel_e4s:8.6	RHSA-2025:2653	2025-03-11T00:00:00Z
Red Hat Enterprise Linux 8.8 Extended Update Support
grub2-1:2.02-152.el8_8.2	cpe:/o:redhat:rhel_eus:8.8	RHSA-2025:2521	2025-03-10T00:00:00Z
Red Hat Enterprise Linux 9
grub2-1:2.06-94.el9_5	cpe:/o:redhat:enterprise_linux:9	RHSA-2025:2867	2025-03-17T00:00:00Z
Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions
grub2-1:2.06-27.el9_0.22	cpe:/o:redhat:rhel_e4s:9.0	RHSA-2025:2799	2025-03-13T00:00:00Z
Red Hat Enterprise Linux 9.2 Extended Update Support
grub2-1:2.06-61.el9_2.10	cpe:/o:redhat:rhel_eus:9.2	RHSA-2025:2869	2025-03-17T00:00:00Z
Red Hat Enterprise Linux 9.4 Extended Update Support
grub2-1:2.06-86.el9_4.2	cpe:/o:redhat:rhel_eus:9.4	RHSA-2025:2675	2025-03-12T00:00:00Z
Red Hat OpenShift Container Platform 4.16
rhcos-416.94.202503252048-0	cpe:/a:redhat:openshift:4.16::el9	RHSA-2025:3301	2025-04-03T00:00:00Z
Red Hat OpenShift Container Platform 4.17
rhcos-417.94.202503241418-0	cpe:/a:redhat:openshift:4.17::el9	RHSA-2025:3297	2025-04-03T00:00:00Z

References

Link	Providers
https://access.redhat.com/errata/RHSA-2025:2521
https://access.redhat.com/errata/RHSA-2025:2653
https://access.redhat.com/errata/RHSA-2025:2655
https://access.redhat.com/errata/RHSA-2025:2675
https://access.redhat.com/errata/RHSA-2025:2784
https://access.redhat.com/errata/RHSA-2025:2799
https://access.redhat.com/errata/RHSA-2025:2867
https://access.redhat.com/errata/RHSA-2025:2869
https://access.redhat.com/errata/RHSA-2025:3297
https://access.redhat.com/errata/RHSA-2025:3301
https://access.redhat.com/errata/RHSA-2025:3367
https://access.redhat.com/errata/RHSA-2025:3396
https://access.redhat.com/security/cve/CVE-2025-0624
https://bugzilla.redhat.com/show_bug.cgi?id=2346112
https://nvd.nist.gov/vuln/detail/CVE-2025-0624
https://www.cve.org/CVERecord?id=CVE-2025-0624

History

Thu, 03 Apr 2025 10:15:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:openshift:4.17::el9
References		https://access.redhat.com/errata/RHSA-2025:3297

Thu, 03 Apr 2025 00:45:00 +0000

Type	Values Removed	Values Added
CPEs	~~cpe:/a:redhat:openshift:4~~	cpe:/a:redhat:openshift:4.16::el9
References		https://access.redhat.com/errata/RHSA-2025:3301

Mon, 31 Mar 2025 04:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhel Els
CPEs	~~cpe:/o:redhat:enterprise_linux:7~~	cpe:/o:redhat:rhel_els:7
Vendors & Products		Redhat rhel Els
References		https://access.redhat.com/errata/RHSA-2025:3396

Fri, 28 Mar 2025 15:45:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/o:redhat:enterprise_linux:8

Thu, 27 Mar 2025 22:15:00 +0000

Type	Values Removed	Values Added
CPEs	~~cpe:/o:redhat:enterprise_linux:8~~	cpe:/o:redhat:enterprise_linux:8::baseos
References		https://access.redhat.com/errata/RHSA-2025:3367

Mon, 17 Mar 2025 15:30:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/o:redhat:enterprise_linux:9 cpe:/o:redhat:rhel_eus:9.2

Mon, 17 Mar 2025 05:15:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/o:redhat:rhel_eus:9.2::baseos
References		https://access.redhat.com/errata/RHSA-2025:2869

Mon, 17 Mar 2025 02:30:00 +0000

Type	Values Removed	Values Added
CPEs	~~cpe:/o:redhat:enterprise_linux:9~~	cpe:/o:redhat:enterprise_linux:9::baseos
References		https://access.redhat.com/errata/RHSA-2025:2867

Fri, 14 Mar 2025 03:00:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/o:redhat:rhel_aus:8.2 cpe:/o:redhat:rhel_e4s:9.0

Thu, 13 Mar 2025 16:15:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/o:redhat:rhel_e4s:9.0::baseos
References		https://access.redhat.com/errata/RHSA-2025:2799

Thu, 13 Mar 2025 14:30:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/o:redhat:rhel_aus:8.2::baseos
References		https://access.redhat.com/errata/RHSA-2025:2784

Thu, 13 Mar 2025 03:00:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/o:redhat:rhel_eus:9.4

Wed, 12 Mar 2025 11:15:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/o:redhat:rhel_eus:9.4::baseos
References		https://access.redhat.com/errata/RHSA-2025:2675

Wed, 12 Mar 2025 07:00:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/o:redhat:rhel_aus:8.4 cpe:/o:redhat:rhel_aus:8.6 cpe:/o:redhat:rhel_e4s:8.4 cpe:/o:redhat:rhel_e4s:8.6 cpe:/o:redhat:rhel_tus:8.4 cpe:/o:redhat:rhel_tus:8.6

Tue, 11 Mar 2025 11:45:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/o:redhat:rhel_aus:8.6::baseos cpe:/o:redhat:rhel_e4s:8.6::baseos cpe:/o:redhat:rhel_tus:8.6::baseos
References		https://access.redhat.com/errata/RHSA-2025:2653

Tue, 11 Mar 2025 11:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhel Aus Redhat rhel E4s Redhat rhel Tus
CPEs		cpe:/o:redhat:rhel_aus:8.4::baseos cpe:/o:redhat:rhel_e4s:8.4::baseos cpe:/o:redhat:rhel_tus:8.4::baseos
Vendors & Products		Redhat rhel Aus Redhat rhel E4s Redhat rhel Tus
References		https://access.redhat.com/errata/RHSA-2025:2655

Tue, 11 Mar 2025 02:45:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/o:redhat:rhel_eus:8.8

Mon, 10 Mar 2025 15:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhel Eus
CPEs		cpe:/o:redhat:rhel_eus:8.8::baseos
Vendors & Products		Redhat rhel Eus
References		https://access.redhat.com/errata/RHSA-2025:2521

Wed, 19 Feb 2025 19:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Wed, 19 Feb 2025 18:45:00 +0000

Type	Values Removed	Values Added
Description	No description is available for this CVE.	A flaw was found in grub2. During the network boot process, when trying to search for the configuration file, grub copies data from a user controlled environment variable into an internal buffer using the grub_strcpy() function. During this step, it fails to consider the environment variable length when allocating the internal buffer, resulting in an out-of-bounds write. If correctly exploited, this issue may result in remote code execution through the same network segment grub is searching for the boot information, which can be used to by-pass secure boot protections.
Title	grub2: net: Out-of-bounds write in grub_net_search_config_file()	Grub2: net: out-of-bounds write in grub_net_search_config_file()
First Time appeared		Redhat Redhat enterprise Linux Redhat openshift
CPEs		cpe:/a:redhat:openshift:4 cpe:/o:redhat:enterprise_linux:7 cpe:/o:redhat:enterprise_linux:8 cpe:/o:redhat:enterprise_linux:9
Vendors & Products		Redhat Redhat enterprise Linux Redhat openshift
References		https://access.redhat.com/security/cve/CVE-2025-0624 https://bugzilla.redhat.com/show_bug.cgi?id=2346112

Wed, 19 Feb 2025 14:00:00 +0000

Type	Values Removed	Values Added
Description		No description is available for this CVE.
Title		grub2: net: Out-of-bounds write in grub_net_search_config_file()
Weaknesses		CWE-787
References		https://nvd.nist.gov/vuln/detail/CVE-2025-0624 https://www.cve.org/CVERecord?id=CVE-2025-0624
Metrics	threat_severity `None`	cvssV3_1 `{'score': 7.6, 'vector': 'CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H'}` threat_severity `Important`

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2025-02-19T18:23:21.463Z

Updated: 2025-04-03T10:07:50.890Z

Reserved: 2025-01-21T16:49:51.381Z

Link: CVE-2025-0624

Vulnrichment

Updated: 2025-02-19T18:39:24.255Z

NVD

Status : Awaiting Analysis

Published: 2025-02-19T19:15:15.120

Modified: 2025-04-03T10:15:19.267

Link: CVE-2025-0624

Redhat

Severity : Important

Publid Date: 2025-02-18T18:00:00Z

Links: CVE-2025-0624 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-0624", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2025-01-21T16:49:51.381Z", "datePublished": "2025-02-19T18:23:21.463Z", "dateUpdated": "2025-04-03T10:07:50.890Z"}, "containers": {"cna": {"title": "Grub2: net: out-of-bounds write in grub_net_search_config_file()", "metrics": [{"other": {"content": {"value": "Important", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A flaw was found in grub2. During the network boot process, when trying to search for the configuration file, grub copies data from a user controlled environment variable into an internal buffer using the grub_strcpy() function. During this step, it fails to consider the environment variable length when allocating the internal buffer, resulting in an out-of-bounds write. If correctly exploited, this issue may result in remote code execution through the same network segment grub is searching for the boot information, which can be used to by-pass secure boot protections."}], "affected": [{"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "grub2", "defaultStatus": "affected", "versions": [{"version": "1:2.02-0.87.el7_9.15", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:rhel_els:7"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "grub2", "defaultStatus": "affected", "versions": [{"version": "1:2.02-162.el8_10", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:enterprise_linux:8::baseos"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "grub2", "defaultStatus": "affected", "versions": [{"version": "1:2.02-87.el8_2.13", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:rhel_aus:8.2::baseos"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "grub2", "defaultStatus": "affected", "versions": [{"version": "1:2.02-99.el8_4.12", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:rhel_e4s:8.4::baseos", "cpe:/o:redhat:rhel_aus:8.4::baseos", "cpe:/o:redhat:rhel_tus:8.4::baseos"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "grub2", "defaultStatus": "affected", "versions": [{"version": "1:2.02-99.el8_4.12", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:rhel_e4s:8.4::baseos", "cpe:/o:redhat:rhel_aus:8.4::baseos", "cpe:/o:redhat:rhel_tus:8.4::baseos"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "grub2", "defaultStatus": "affected", "versions": [{"version": "1:2.02-99.el8_4.12", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:rhel_e4s:8.4::baseos", "cpe:/o:redhat:rhel_aus:8.4::baseos", "cpe:/o:redhat:rhel_tus:8.4::baseos"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "grub2", "defaultStatus": "affected", "versions": [{"version": "1:2.02-123.el8_6.18", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:rhel_e4s:8.6::baseos", "cpe:/o:redhat:rhel_aus:8.6::baseos", "cpe:/o:redhat:rhel_tus:8.6::baseos"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "grub2", "defaultStatus": "affected", "versions": [{"version": "1:2.02-123.el8_6.18", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:rhel_e4s:8.6::baseos", "cpe:/o:redhat:rhel_aus:8.6::baseos", "cpe:/o:redhat:rhel_tus:8.6::baseos"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "grub2", "defaultStatus": "affected", "versions": [{"version": "1:2.02-123.el8_6.18", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:rhel_e4s:8.6::baseos", "cpe:/o:redhat:rhel_aus:8.6::baseos", "cpe:/o:redhat:rhel_tus:8.6::baseos"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.8 Extended Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "grub2", "defaultStatus": "affected", "versions": [{"version": "1:2.02-152.el8_8.2", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:rhel_eus:8.8::baseos"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "grub2", "defaultStatus": "affected", "versions": [{"version": "1:2.06-94.el9_5", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:enterprise_linux:9::baseos"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "grub2", "defaultStatus": "affected", "versions": [{"version": "1:2.06-27.el9_0.22", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:rhel_e4s:9.0::baseos"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.2 Extended Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "grub2", "defaultStatus": "affected", "versions": [{"version": "1:2.06-61.el9_2.10", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:rhel_eus:9.2::baseos"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.4 Extended Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "grub2", "defaultStatus": "affected", "versions": [{"version": "1:2.06-86.el9_4.2", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:rhel_eus:9.4::baseos"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4.16", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "rhcos", "defaultStatus": "affected", "versions": [{"version": "416.94.202503252048-0", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift:4.16::el9"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4.17", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "rhcos", "defaultStatus": "affected", "versions": [{"version": "417.94.202503241418-0", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift:4.17::el9"]}], "references": [{"url": "https://access.redhat.com/errata/RHSA-2025:2521", "name": "RHSA-2025:2521", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:2653", "name": "RHSA-2025:2653", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:2655", "name": "RHSA-2025:2655", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:2675", "name": "RHSA-2025:2675", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:2784", "name": "RHSA-2025:2784", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:2799", "name": "RHSA-2025:2799", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:2867", "name": "RHSA-2025:2867", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:2869", "name": "RHSA-2025:2869", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:3297", "name": "RHSA-2025:3297", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:3301", "name": "RHSA-2025:3301", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:3367", "name": "RHSA-2025:3367", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:3396", "name": "RHSA-2025:3396", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2025-0624", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2346112", "name": "RHBZ#2346112", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "datePublic": "2025-02-18T18:00:00.000Z", "problemTypes": [{"descriptions": [{"cweId": "CWE-787", "description": "Out-of-bounds Write", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-787: Out-of-bounds Write", "workarounds": [{"lang": "en", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}], "timeline": [{"lang": "en", "time": "2025-02-17T14:35:38.127000+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2025-02-18T18:00:00+00:00", "value": "Made public."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2025-04-03T10:07:50.890Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-02-19T18:39:10.861038Z", "id": "CVE-2025-0624", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-19T18:39:29.836Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-0624", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-02-19T18:39:10.861038Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-19T18:39:24.255Z"}}], "cna": {"title": "Grub2: net: out-of-bounds write in grub_net_search_config_file()", "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Important", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.6, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}], "affected": [{"cpes": ["cpe:/o:redhat:rhel_els:7"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support", "versions": [{"status": "unaffected", "version": "1:2.02-0.87.el7_9.15", "lessThan": "*", "versionType": "rpm"}], "packageName": "grub2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:8::baseos"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "versions": [{"status": "unaffected", "version": "1:2.02-162.el8_10", "lessThan": "*", "versionType": "rpm"}], "packageName": "grub2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:rhel_aus:8.2::baseos"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "versions": [{"status": "unaffected", "version": "1:2.02-87.el8_2.13", "lessThan": "*", "versionType": "rpm"}], "packageName": "grub2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:rhel_e4s:8.4::baseos", "cpe:/o:redhat:rhel_aus:8.4::baseos", "cpe:/o:redhat:rhel_tus:8.4::baseos"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "versions": [{"status": "unaffected", "version": "1:2.02-99.el8_4.12", "lessThan": "*", "versionType": "rpm"}], "packageName": "grub2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:rhel_e4s:8.4::baseos", "cpe:/o:redhat:rhel_aus:8.4::baseos", "cpe:/o:redhat:rhel_tus:8.4::baseos"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "versions": [{"status": "unaffected", "version": "1:2.02-99.el8_4.12", "lessThan": "*", "versionType": "rpm"}], "packageName": "grub2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:rhel_e4s:8.4::baseos", "cpe:/o:redhat:rhel_aus:8.4::baseos", "cpe:/o:redhat:rhel_tus:8.4::baseos"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "versions": [{"status": "unaffected", "version": "1:2.02-99.el8_4.12", "lessThan": "*", "versionType": "rpm"}], "packageName": "grub2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:rhel_e4s:8.6::baseos", "cpe:/o:redhat:rhel_aus:8.6::baseos", "cpe:/o:redhat:rhel_tus:8.6::baseos"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "versions": [{"status": "unaffected", "version": "1:2.02-123.el8_6.18", "lessThan": "*", "versionType": "rpm"}], "packageName": "grub2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:rhel_e4s:8.6::baseos", "cpe:/o:redhat:rhel_aus:8.6::baseos", "cpe:/o:redhat:rhel_tus:8.6::baseos"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "versions": [{"status": "unaffected", "version": "1:2.02-123.el8_6.18", "lessThan": "*", "versionType": "rpm"}], "packageName": "grub2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:rhel_e4s:8.6::baseos", "cpe:/o:redhat:rhel_aus:8.6::baseos", "cpe:/o:redhat:rhel_tus:8.6::baseos"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "versions": [{"status": "unaffected", "version": "1:2.02-123.el8_6.18", "lessThan": "*", "versionType": "rpm"}], "packageName": "grub2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:rhel_eus:8.8::baseos"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.8 Extended Update Support", "versions": [{"status": "unaffected", "version": "1:2.02-152.el8_8.2", "lessThan": "*", "versionType": "rpm"}], "packageName": "grub2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:9::baseos"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "versions": [{"status": "unaffected", "version": "1:2.06-94.el9_5", "lessThan": "*", "versionType": "rpm"}], "packageName": "grub2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:rhel_e4s:9.0::baseos"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "versions": [{"status": "unaffected", "version": "1:2.06-27.el9_0.22", "lessThan": "*", "versionType": "rpm"}], "packageName": "grub2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:rhel_eus:9.2::baseos"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.2 Extended Update Support", "versions": [{"status": "unaffected", "version": "1:2.06-61.el9_2.10", "lessThan": "*", "versionType": "rpm"}], "packageName": "grub2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:rhel_eus:9.4::baseos"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.4 Extended Update Support", "versions": [{"status": "unaffected", "version": "1:2.06-86.el9_4.2", "lessThan": "*", "versionType": "rpm"}], "packageName": "grub2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift:4.16::el9"], "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4.16", "versions": [{"status": "unaffected", "version": "416.94.202503252048-0", "lessThan": "*", "versionType": "rpm"}], "packageName": "rhcos", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift:4.17::el9"], "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4.17", "versions": [{"status": "unaffected", "version": "417.94.202503241418-0", "lessThan": "*", "versionType": "rpm"}], "packageName": "rhcos", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}], "timeline": [{"lang": "en", "time": "2025-02-17T14:35:38.127000+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2025-02-18T18:00:00+00:00", "value": "Made public."}], "datePublic": "2025-02-18T18:00:00.000Z", "references": [{"url": "https://access.redhat.com/errata/RHSA-2025:2521", "name": "RHSA-2025:2521", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:2653", "name": "RHSA-2025:2653", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:2655", "name": "RHSA-2025:2655", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:2675", "name": "RHSA-2025:2675", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:2784", "name": "RHSA-2025:2784", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:2799", "name": "RHSA-2025:2799", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:2867", "name": "RHSA-2025:2867", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:2869", "name": "RHSA-2025:2869", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:3297", "name": "RHSA-2025:3297", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:3301", "name": "RHSA-2025:3301", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:3367", "name": "RHSA-2025:3367", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:3396", "name": "RHSA-2025:3396", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2025-0624", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2346112", "name": "RHBZ#2346112", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "workarounds": [{"lang": "en", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}], "descriptions": [{"lang": "en", "value": "A flaw was found in grub2. During the network boot process, when trying to search for the configuration file, grub copies data from a user controlled environment variable into an internal buffer using the grub_strcpy() function. During this step, it fails to consider the environment variable length when allocating the internal buffer, resulting in an out-of-bounds write. If correctly exploited, this issue may result in remote code execution through the same network segment grub is searching for the boot information, which can be used to by-pass secure boot protections."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "Out-of-bounds Write"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2025-04-03T10:07:50.890Z"}, "x_redhatCweChain": "CWE-787: Out-of-bounds Write"}}, "cveMetadata": {"cveId": "CVE-2025-0624", "state": "PUBLISHED", "dateUpdated": "2025-04-03T10:07:50.890Z", "dateReserved": "2025-01-21T16:49:51.381Z", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2025-02-19T18:23:21.463Z", "assignerShortName": "redhat"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in grub2. During the network boot process, when trying to search for the configuration file, grub copies data from a user controlled environment variable into an internal buffer using the grub_strcpy() function. During this step, it fails to consider the environment variable length when allocating the internal buffer, resulting in an out-of-bounds write. If correctly exploited, this issue may result in remote code execution through the same network segment grub is searching for the boot information, which can be used to by-pass secure boot protections."}, {"lang": "es", "value": "Se encontr\u00f3 una falla en grub2. Durante el proceso de arranque de red, al intentar buscar el archivo de configuraci\u00f3n, grub copia datos de una variable de entorno controlada por el usuario en un b\u00fafer interno mediante la funci\u00f3n grub_strcpy(). Durante este paso, no tiene en cuenta la longitud de la variable de entorno al asignar el b\u00fafer interno, lo que da como resultado una escritura fuera de los l\u00edmites. Si se explota correctamente, este problema puede dar como resultado la ejecuci\u00f3n de c\u00f3digo remoto a trav\u00e9s del mismo segmento de red en el que grub est\u00e1 buscando la informaci\u00f3n de arranque, que se puede utilizar para eludir las protecciones de arranque seguro."}], "id": "CVE-2025-0624", "lastModified": "2025-04-03T10:15:19.267", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 6.0, "source": "secalert@redhat.com", "type": "Secondary"}]}, "published": "2025-02-19T19:15:15.120", "references": [{"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:2521"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:2653"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:2655"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:2675"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:2784"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:2799"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:2867"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:2869"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:3297"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:3301"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:3367"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:3396"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/security/cve/CVE-2025-0624"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2346112"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2025:3396", "cpe": "cpe:/o:redhat:rhel_els:7", "package": "grub2-1:2.02-0.87.el7_9.15", "product_name": "Red Hat Enterprise Linux 7 Extended Lifecycle Support", "release_date": "2025-03-31T00:00:00Z"}, {"advisory": "RHSA-2025:3367", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "grub2-1:2.02-162.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2025-03-27T00:00:00Z"}, {"advisory": "RHSA-2025:2784", "cpe": "cpe:/o:redhat:rhel_aus:8.2", "package": "grub2-1:2.02-87.el8_2.13", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2025-03-13T00:00:00Z"}, {"advisory": "RHSA-2025:2655", "cpe": "cpe:/o:redhat:rhel_aus:8.4", "package": "grub2-1:2.02-99.el8_4.12", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2025-03-11T00:00:00Z"}, {"advisory": "RHSA-2025:2655", "cpe": "cpe:/o:redhat:rhel_tus:8.4", "package": "grub2-1:2.02-99.el8_4.12", "product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date": "2025-03-11T00:00:00Z"}, {"advisory": "RHSA-2025:2655", "cpe": "cpe:/o:redhat:rhel_e4s:8.4", "package": "grub2-1:2.02-99.el8_4.12", "product_name": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "release_date": "2025-03-11T00:00:00Z"}, {"advisory": "RHSA-2025:2653", "cpe": "cpe:/o:redhat:rhel_aus:8.6", "package": "grub2-1:2.02-123.el8_6.18", "product_name": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "release_date": "2025-03-11T00:00:00Z"}, {"advisory": "RHSA-2025:2653", "cpe": "cpe:/o:redhat:rhel_tus:8.6", "package": "grub2-1:2.02-123.el8_6.18", "product_name": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date": "2025-03-11T00:00:00Z"}, {"advisory": "RHSA-2025:2653", "cpe": "cpe:/o:redhat:rhel_e4s:8.6", "package": "grub2-1:2.02-123.el8_6.18", "product_name": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date": "2025-03-11T00:00:00Z"}, {"advisory": "RHSA-2025:2521", "cpe": "cpe:/o:redhat:rhel_eus:8.8", "package": "grub2-1:2.02-152.el8_8.2", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2025-03-10T00:00:00Z"}, {"advisory": "RHSA-2025:2867", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "grub2-1:2.06-94.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-03-17T00:00:00Z"}, {"advisory": "RHSA-2025:2799", "cpe": "cpe:/o:redhat:rhel_e4s:9.0", "package": "grub2-1:2.06-27.el9_0.22", "product_name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date": "2025-03-13T00:00:00Z"}, {"advisory": "RHSA-2025:2869", "cpe": "cpe:/o:redhat:rhel_eus:9.2", "package": "grub2-1:2.06-61.el9_2.10", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2025-03-17T00:00:00Z"}, {"advisory": "RHSA-2025:2675", "cpe": "cpe:/o:redhat:rhel_eus:9.4", "package": "grub2-1:2.06-86.el9_4.2", "product_name": "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date": "2025-03-12T00:00:00Z"}, {"advisory": "RHSA-2025:3301", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "rhcos-416.94.202503252048-0", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2025-04-03T00:00:00Z"}, {"advisory": "RHSA-2025:3297", "cpe": "cpe:/a:redhat:openshift:4.17::el9", "package": "rhcos-417.94.202503241418-0", "product_name": "Red Hat OpenShift Container Platform 4.17", "release_date": "2025-04-03T00:00:00Z"}], "bugzilla": {"description": "grub2: net: Out-of-bounds write in grub_net_search_config_file()", "id": "2346112", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2346112"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.6", "cvss3_scoring_vector": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-787", "details": ["A flaw was found in grub2. During the network boot process, when trying to search for the configuration file, grub copies data from a user controlled environment variable into an internal buffer using the grub_strcpy() function. During this step, it fails to consider the environment variable length when allocating the internal buffer, resulting in an out-of-bounds write. If correctly exploited, this issue may result in remote code execution through the same network segment grub is searching for the boot information, which can be used to by-pass secure boot protections.", "A flaw was found in grub2. During the network boot process, when trying to search for the configuration file, grub copies data from a user controlled environment variable into an internal buffer using the grub_strcpy() function. During this step, it fails to consider the environment variable length when allocating the internal buffer, resulting in an out-of-bounds write. If correctly exploited, this issue may result in remote code execution through the same network segment grub is searching for the boot information, which can be used to by-pass secure boot protections."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2025-0624", "public_date": "2025-02-18T18:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-0624\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-0624"], "statement": "Red Hat Product Security team has rated this vulnerability as Important, as an attacker that has access to the same network segment is able to exploit it once netboot is enabled in grub2.", "threat_severity": "Important"}

Metrics

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object