Metrics
Affected Vendors & Products
Solution
No solution given by the vendor.
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Sat, 05 Jul 2025 06:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:/o:redhat:enterprise_linux:10 |
Tue, 25 Mar 2025 05:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
cvssV3_1
|
cvssV3_1
|
Sat, 22 Mar 2025 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-787 |
Fri, 21 Mar 2025 16:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Gnu
Gnu grub2 Redhat openshift Container Platform |
|
CPEs | cpe:2.3:a:gnu:grub2:*:*:*:*:*:*:*:* cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:* |
|
Vendors & Products |
Gnu
Gnu grub2 Redhat openshift Container Platform |
Fri, 21 Mar 2025 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-190 |
Tue, 04 Mar 2025 17:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Mon, 03 Mar 2025 17:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Title | grub2: squash4: Integer overflow may lead to heap based out-of-bounds write when reading data | Grub2: squash4: integer overflow may lead to heap based out-of-bounds write when reading data |
First Time appeared |
Redhat
Redhat enterprise Linux Redhat openshift |
|
CPEs | cpe:/a:redhat:openshift:4 cpe:/o:redhat:enterprise_linux:7 cpe:/o:redhat:enterprise_linux:8 cpe:/o:redhat:enterprise_linux:9 |
|
Vendors & Products |
Redhat
Redhat enterprise Linux Redhat openshift |
|
References |
|
Thu, 20 Feb 2025 02:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | No description is available for this CVE. | A flaw was found in grub2. When reading data from a squash4 filesystem, grub's squash4 fs module uses user-controlled parameters from the filesystem geometry to determine the internal buffer size, however, it improperly checks for integer overflows. A maliciously crafted filesystem may lead some of those buffer size calculations to overflow, causing it to perform a grub_malloc() operation with a smaller size than expected. As a result, the direct_read() will perform a heap based out-of-bounds write during data reading. This flaw may be leveraged to corrupt grub's internal critical data and may result in arbitrary code execution, by-passing secure boot protections. |
Wed, 19 Feb 2025 14:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | No description is available for this CVE. | |
Title | grub2: squash4: Integer overflow may lead to heap based out-of-bounds write when reading data | |
Weaknesses | CWE-787 | |
References |
| |
Metrics |
threat_severity
|
cvssV3_1
|

Status: PUBLISHED
Assigner: redhat
Published:
Updated: 2025-08-30T21:10:50.699Z
Reserved: 2025-01-23T16:30:21.331Z
Link: CVE-2025-0678

Updated: 2025-03-04T16:15:59.641Z

Status : Modified
Published: 2025-03-03T17:15:14.053
Modified: 2025-03-25T05:15:40.667
Link: CVE-2025-0678


No data.