CVE-2025-0678
Published: 03 March 2025
Description
Adversaries may use bootkits to persist on systems.
Security Summary
CVE-2025-0678 is an integer overflow vulnerability (CWE-190) in the GRUB2 bootloader's squash4 filesystem module. When GRUB2 reads data from a squash4 filesystem, it uses user-controlled parameters from the filesystem geometry to calculate internal buffer sizes but fails to properly check for integer overflows. A maliciously crafted squash4 filesystem can cause these buffer size calculations to overflow, resulting in a grub_malloc() allocation with a smaller size than intended. This leads to a heap-based out-of-bounds write during the subsequent direct_read() operation.
The vulnerability carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H): local access and low privileges, no user interaction, and high impact on confidentiality, integrity and availability. An attacker who can place a specially crafted squash4 filesystem image where GRUB2 will read it during boot can trigger the out-of-bounds write. The resulting corruption of GRUB2's heap and internal data structures can be leveraged for arbitrary code execution inside the bootloader, before the operating system and its protections are loaded, and therefore to bypass Secure Boot.
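The sizing arithmetic described above, reduced to its essentials, as an added example (illustrative C written for this page, not GRUB's squash4 source): the block table is sized from an attacker-controlled file size and block size, first unchecked and then with checked arithmetic. The geometry struct, all function names and the 128 KiB block size are assumptions; the two inode sizes are constructed inputs, one benign and one near 2^64.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Illustrative model of the CWE-190 pattern, not GRUB's squash4 code.
 * Both fields come from the on-disk image, so both are attacker-controlled. */
struct fs_geometry {
    uint32_t blksz;      /* data block size from the superblock, power of two */
    unsigned log2_blksz; /* log2(blksz) */
};

/* Constructed geometry: 128 KiB data blocks. */
static const struct fs_geometry squash_128k = { 0x20000, 17 };

/* Number of blocks the data reader will actually walk: ceil(size / blksz),
 * computed by division so it cannot wrap. */
static uint64_t blocks_needed(const struct fs_geometry *g, uint64_t file_size)
{
    return file_size / g->blksz + (file_size % g->blksz != 0);
}

/* Vulnerable sizing: round up, shift, multiply, no checks. A file size near
 * 2^64 wraps the addition, so the block table is sized for far fewer blocks
 * than the reader will later fill. */
static uint64_t vulnerable_table_bytes(const struct fs_geometry *g, uint64_t file_size)
{
    uint64_t total_blocks = (file_size + g->blksz - 1) >> g->log2_blksz;
    return total_blocks * sizeof(uint32_t);
}

/* Hardened sizing: checked addition and multiplication (GRUB's grub_add()
 * and grub_mul() helpers wrap the same compiler builtins), plus a guard for
 * builds where size_t is narrower than the 64-bit file size. */
static bool checked_table_bytes(const struct fs_geometry *g, uint64_t file_size, size_t *out)
{
    uint64_t rounded, total_blocks, bytes;

    if (__builtin_add_overflow(file_size, (uint64_t)g->blksz - 1, &rounded))
        return false;
    total_blocks = rounded >> g->log2_blksz;
    if (__builtin_mul_overflow(total_blocks, (uint64_t)sizeof(uint32_t), &bytes))
        return false;
    if (bytes > (uint64_t)SIZE_MAX)
        return false;
    *out = (size_t)bytes;
    return true;
}

/* Accept/reject view of the hardened path, for callers that only need that. */
static bool checked_accepts(const struct fs_geometry *g, uint64_t file_size)
{
    size_t unused;
    return checked_table_bytes(g, file_size, &unused);
}

/* Block-size entries the reader would write beyond a table sized by the
 * vulnerable path; 0 means the allocation was large enough. */
static uint64_t entries_past_allocation(const struct fs_geometry *g, uint64_t file_size)
{
    uint64_t capacity = vulnerable_table_bytes(g, file_size) / sizeof(uint32_t);
    uint64_t needed = blocks_needed(g, file_size);
    return needed > capacity ? needed - capacity : 0;
}

int main(void)
{
    /* Constructed inode sizes: a normal ~1 MB file and a crafted value near 2^64. */
    const uint64_t sizes[2] = { 1000000, 0xFFFFFFFFFFFFFFF0ULL };
    for (int i = 0; i < 2; i++) {
        size_t bytes = 0;
        bool ok = checked_table_bytes(&squash_128k, sizes[i], &bytes);
        printf("size=0x%016" PRIx64 " needed=%" PRIu64 " unchecked_alloc=%" PRIu64
               " overflow_entries=%" PRIu64 " checked=%s (%zu bytes)\n",
               sizes[i], blocks_needed(&squash_128k, sizes[i]),
               vulnerable_table_bytes(&squash_128k, sizes[i]),
               entries_past_allocation(&squash_128k, sizes[i]),
               ok ? "accepted" : "rejected", bytes);
    }
    return 0;
}
```

With the crafted size the unchecked path rounds the addition over 2^64, shifts the wrapped remainder to zero and asks the allocator for zero bytes, while the reader still expects 2^47 block entries; every entry it writes lands past the allocation, which is the heap out-of-bounds write the advisory describes. The checked path rejects the image at the first overflowing step, before any allocation happens.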
Mitigation details are available in the Red Hat security advisory at https://access.redhat.com/security/cve/CVE-2025-0678 and the related Bugzilla entry at https://bugzilla.redhat.com/show_bug.cgi?id=2346118.
Details
- CWE(s): CWE-190 (Integer Overflow or Wraparound)
Affected Products: GRUB2 builds that include the squash4 filesystem module; see the Red Hat advisory linked above for the affected package versions.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability enables arbitrary code execution inside the GRUB2 bootloader via a crafted squash4 filesystem image. Code running at that stage executes before the operating system loads and can tamper with what is booted, which is the Pre-OS Boot: Bootkit technique (T1542.003) described above, and it undermines the Secure Boot chain of trust that is meant to prevent exactly that tampering.