A flaw was found in grub2. When reading data from a squash4 filesystem, grub's squash4 fs module uses user-controlled parameters from the filesystem geometry to determine the internal buffer size, however, it improperly checks for integer overflows. A maliciously crafted filesystem may lead some of those buffer size calculations to overflow, causing it to perform a grub_malloc() operation with a smaller size than expected. As a result, the direct_read() will perform a heap based out-of-bounds write during data reading. This flaw may be leveraged to corrupt grub's internal critical data and may result in arbitrary code execution, by-passing secure boot protections.
Fixes

Solution

No solution given by the vendor.


Workaround

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

History

Sat, 05 Jul 2025 06:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:10

Tue, 25 Mar 2025 05:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 6.4, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H'}

cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


Sat, 22 Mar 2025 15:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-787

Fri, 21 Mar 2025 16:45:00 +0000

Type Values Removed Values Added
First Time appeared Gnu
Gnu grub2
Redhat openshift Container Platform
CPEs cpe:2.3:a:gnu:grub2:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
Vendors & Products Gnu
Gnu grub2
Redhat openshift Container Platform

Fri, 21 Mar 2025 16:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-190

Tue, 04 Mar 2025 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 03 Mar 2025 17:15:00 +0000

Type Values Removed Values Added
Title grub2: squash4: Integer overflow may lead to heap based out-of-bounds write when reading data Grub2: squash4: integer overflow may lead to heap based out-of-bounds write when reading data
First Time appeared Redhat
Redhat enterprise Linux
Redhat openshift
CPEs cpe:/a:redhat:openshift:4
cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux
Redhat openshift
References

Thu, 20 Feb 2025 02:45:00 +0000

Type Values Removed Values Added
Description No description is available for this CVE. A flaw was found in grub2. When reading data from a squash4 filesystem, grub's squash4 fs module uses user-controlled parameters from the filesystem geometry to determine the internal buffer size, however, it improperly checks for integer overflows. A maliciously crafted filesystem may lead some of those buffer size calculations to overflow, causing it to perform a grub_malloc() operation with a smaller size than expected. As a result, the direct_read() will perform a heap based out-of-bounds write during data reading. This flaw may be leveraged to corrupt grub's internal critical data and may result in arbitrary code execution, by-passing secure boot protections.

Wed, 19 Feb 2025 14:00:00 +0000

Type Values Removed Values Added
Description No description is available for this CVE.
Title grub2: squash4: Integer overflow may lead to heap based out-of-bounds write when reading data
Weaknesses CWE-787
References
Metrics threat_severity

None

cvssV3_1

{'score': 6.4, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H'}

threat_severity

Moderate


cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2025-08-30T21:10:50.699Z

Reserved: 2025-01-23T16:30:21.331Z

Link: CVE-2025-0678

cve-icon Vulnrichment

Updated: 2025-03-04T16:15:59.641Z

cve-icon NVD

Status : Modified

Published: 2025-03-03T17:15:14.053

Modified: 2025-03-25T05:15:40.667

Link: CVE-2025-0678

cve-icon Redhat

Severity : Moderate

Publid Date: 2025-02-18T18:00:00Z

Links: CVE-2025-0678 - Bugzilla

cve-icon OpenCVE Enrichment

No data.