A flaw was found in grub2 where the grub_extcmd_dispatcher() function calls grub_arg_list_alloc() to allocate memory for the grub's argument list. However, it fails to check in case the memory allocation fails. Once the allocation fails, a NULL point will be processed by the parse_option() function, leading grub to crash or, in some rare scenarios, corrupt the IVT data.
Fixes

Solution

No solution given by the vendor.


Workaround

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

History

Tue, 10 Jun 2025 19:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:10

Wed, 14 May 2025 03:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:9

Tue, 13 May 2025 19:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:9 cpe:/o:redhat:enterprise_linux:9::baseos
References

Wed, 19 Feb 2025 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 19 Feb 2025 14:00:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

threat_severity

Moderate


Tue, 18 Feb 2025 19:30:00 +0000

Type Values Removed Values Added
Description A flaw was found in grub2 where the grub_extcmd_dispatcher() function calls grub_arg_list_alloc() to allocate memory for the grub's argument list. However, it fails to check in case the memory allocation fails. Once the allocation fails, a NULL point will be processed by the parse_option() function, leading grub to crash or, in some rare scenarios, corrupt the IVT data.
Title Grub2: commands/extcmd: missing check for failed allocation
First Time appeared Redhat
Redhat enterprise Linux
Redhat openshift
Weaknesses CWE-252
CPEs cpe:/a:redhat:openshift:4
cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux
Redhat openshift
References
Metrics cvssV3_1

{'score': 5.2, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2025-08-30T22:17:56.328Z

Reserved: 2024-09-08T01:57:12.947Z

Link: CVE-2024-45775

cve-icon Vulnrichment

Updated: 2025-02-19T14:42:32.168Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-02-18T20:15:19.177

Modified: 2025-05-13T20:15:24.717

Link: CVE-2024-45775

cve-icon Redhat

Severity : Moderate

Publid Date: 2025-01-28T00:00:00Z

Links: CVE-2024-45775 - Bugzilla

cve-icon OpenCVE Enrichment

No data.