Cyber Posture

CVE-2025-0624

Severity: High

Published: 19 February 2025
Modified: 15 April 2026
KEV Added:
Patch: available (Red Hat errata listed below)
CVSS Score: 7.6 (CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H)
EPSS Score: 0.0081 (74.4th percentile)
Risk Priority: 16 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Description

A flaw was found in grub2. During the network boot process, while searching for the configuration file, grub copies data from a user-controlled environment variable into an internal buffer with the grub_strcpy() function. The buffer is allocated without taking the length of that environment variable into account, so a sufficiently long value results in an out-of-bounds write. If correctly exploited, this issue may lead to remote code execution by an attacker on the same network segment from which grub is fetching its boot information, which can in turn be used to bypass Secure Boot protections.

Security Summary

CVE-2025-0624 is an out-of-bounds write vulnerability (CWE-787) in grub2, affecting the network boot process. When grub2 searches for its configuration file, it builds the file name by copying a user-controlled environment variable into an internal buffer with grub_strcpy(). The buffer is sized without accounting for the length of that variable, so a value longer than the space the allocation assumed overruns the heap block: the copy is unbounded and the allocation is not derived from the input. This flaw, published on 2025-02-19, has a CVSS v3.1 base score of 7.6 (AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H).
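As an added illustration (not grub2's code and not taken from any of the Red Hat errata), the following C model shows the bug class the description refers to: a buffer sized from a fixed assumption about the suffix while the copy itself is unbounded, beside a hardened sizing that derives the allocation from the real value and refuses inputs outside a bound. The prefix "grub.cfg", the 36-byte suffix budget, the 128-byte policy bound and all function names are assumptions for illustration; the suffix values are constructed inputs standing in for whatever the boot-time network hands the environment variable.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumption: the buggy sizing budgets for a suffix of at most this many bytes. */
#define ASSUMED_MAX_SUFFIX 36
/* Assumption: an upper bound a hardened loader would enforce on the whole name. */
#define ASSUMED_MAX_TOTAL 128

/* Vulnerable sizing: the buffer for "<prefix>-<suffix>" is computed from the
 * prefix plus a fixed suffix budget; the suffix's real length plays no part. */
size_t vulnerable_alloc_size(const char *prefix)
{
    return strlen(prefix) + 1 /* '-' */ + ASSUMED_MAX_SUFFIX + 1 /* NUL */;
}

/* Bytes the string "<prefix>-<suffix>\0" actually occupies. */
size_t bytes_needed(const char *prefix, const char *suffix)
{
    return strlen(prefix) + 1 + strlen(suffix) + 1;
}

/* 1 if an unbounded strcpy-style build would write past alloc_size bytes
 * (the out-of-bounds write condition), 0 if it fits. Computes the verdict
 * only; it never performs the write. */
int would_overflow(size_t alloc_size, const char *prefix, const char *suffix)
{
    return bytes_needed(prefix, suffix) > alloc_size ? 1 : 0;
}

/* Vulnerable pattern, shown for contrast: assumed-size allocation plus an
 * unbounded copy (strcpy/strcat stand in for grub_strcpy). A suffix longer
 * than ASSUMED_MAX_SUFFIX overruns the heap block, so this is only ever
 * called below with a suffix that fits. Caller frees the result. */
char *vulnerable_build_config_name(const char *prefix, const char *suffix)
{
    char *buf = malloc(vulnerable_alloc_size(prefix));
    if (buf == NULL)
        return NULL;
    strcpy(buf, prefix);
    strcat(buf, "-");
    strcat(buf, suffix); /* unbounded: a long value would write past the block here */
    return buf;
}

/* Hardened pattern: size the allocation from the real input, enforce a policy
 * bound, and use a length-bounded formatter. Returns NULL instead of writing
 * out of bounds. Caller frees the result. */
char *build_config_name(const char *prefix, const char *suffix, size_t max_total)
{
    size_t need = bytes_needed(prefix, suffix);
    if (need > max_total)
        return NULL;
    char *buf = malloc(need);
    if (buf == NULL)
        return NULL;
    snprintf(buf, need, "%s-%s", prefix, suffix);
    return buf;
}

/* Constructed input: n bytes of 'A'. Caller frees the result. */
char *constructed_suffix(size_t n)
{
    char *s = malloc(n + 1);
    if (s == NULL)
        return NULL;
    memset(s, 'A', n);
    s[n] = '\0';
    return s;
}

int main(void)
{
    const char *prefix = "grub.cfg"; /* assumed prefix; any name works */
    size_t lens[] = { 12, ASSUMED_MAX_SUFFIX, ASSUMED_MAX_SUFFIX + 1, 300 };

    for (size_t i = 0; i < sizeof lens / sizeof lens[0]; i++) {
        char *suffix = constructed_suffix(lens[i]);
        size_t vuln_size = vulnerable_alloc_size(prefix);
        int overflows = would_overflow(vuln_size, prefix, suffix);
        char *safe = build_config_name(prefix, suffix, ASSUMED_MAX_TOTAL);

        printf("suffix len %3zu: vulnerable alloc %zu bytes, needs %zu -> %s; "
               "hardened build %s\n",
               lens[i], vuln_size, bytes_needed(prefix, suffix),
               overflows ? "OUT-OF-BOUNDS WRITE" : "fits",
               safe ? "ok" : "rejected");
        if (!overflows) {
            /* The unchecked path is only exercised when it is known to fit. */
            char *v = vulnerable_build_config_name(prefix, suffix);
            printf("  vulnerable path produced: %s\n", v);
            free(v);
        }
        free(safe);
        free(suffix);
    }
    return 0;
}
```

The point of the two sizing functions is that the vulnerable one has no parameter for the attacker-influenced value at all, so no check elsewhere can rescue it; the fix is to make the allocation a function of the input and to bound both the input and the copy. The 37-byte case is the interesting one: one byte over the assumed budget is enough to write past the block, while the hardened path still accepts it.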

An attacker on the same network segment as the target during its network boot can exploit this issue without any user interaction (UI:N); the adjacent-network vector (AV:A) reflects that the attacker must be positioned to influence the value grub reads from the environment variable during the boot-time network exchange. The vector rates attack complexity (AC:H) and required privileges (PR:H) as high, so this is not a point-and-shoot bug: turning the out-of-bounds write into controlled corruption takes work. Successful exploitation nonetheless yields code execution inside the boot loader with a scope change (S:C), and because the boot loader is the component that verifies the next stage, code execution there undermines the Secure Boot chain of trust, which is why the description lists a Secure Boot bypass as the outcome.

Red Hat has addressed this vulnerability through multiple errata, including RHSA-2025:2521, RHSA-2025:2653, RHSA-2025:2655, RHSA-2025:2675, and RHSA-2025:2784, which provide updated grub2 packages as the primary mitigation. Security practitioners should apply these patches to affected systems. One caveat follows from where the flaw lives: the vulnerable code runs in the boot loader during network boot, so the patched grub2 binary has to be the one actually fetched at boot time (for example the image served to network-booting clients), not only the copy installed on systems that already have an operating system.

Details

CWE(s)
CWE-787
