vulnerability
Amazon Linux 2023: CVE-2025-54771: Medium priority package update for grub2
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:L/AC:M/Au:N/C:P/I:P/A:P) | Nov 18, 2025 | Jan 12, 2026 | Jan 12, 2026 |
Severity
4
CVSS
(AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published
Nov 18, 2025
Added
Jan 12, 2026
Modified
Jan 12, 2026
Description
A use-after-free vulnerability has been identified in the GNU GRUB (Grand Unified Bootloader). The flaw occurs because the file-closing process incorrectly retains a memory pointer, leaving an invalid reference to a file system structure. An attacker could exploit this vulnerability to cause grub to crash, leading to a Denial of Service. Possible data integrity or confidentiality compromise is not discarded.
Solutions
amazon-linux-2023-upgrade-grub2-commonamazon-linux-2023-upgrade-grub2-debuginfoamazon-linux-2023-upgrade-grub2-debugsourceamazon-linux-2023-upgrade-grub2-efi-aa64amazon-linux-2023-upgrade-grub2-efi-aa64-cdbootamazon-linux-2023-upgrade-grub2-efi-aa64-ec2amazon-linux-2023-upgrade-grub2-efi-aa64-modulesamazon-linux-2023-upgrade-grub2-efi-x64amazon-linux-2023-upgrade-grub2-efi-x64-cdbootamazon-linux-2023-upgrade-grub2-efi-x64-ec2amazon-linux-2023-upgrade-grub2-efi-x64-modulesamazon-linux-2023-upgrade-grub2-emuamazon-linux-2023-upgrade-grub2-emu-debuginfoamazon-linux-2023-upgrade-grub2-emu-modulesamazon-linux-2023-upgrade-grub2-pcamazon-linux-2023-upgrade-grub2-pc-modulesamazon-linux-2023-upgrade-grub2-toolsamazon-linux-2023-upgrade-grub2-tools-debuginfoamazon-linux-2023-upgrade-grub2-tools-efiamazon-linux-2023-upgrade-grub2-tools-efi-debuginfoamazon-linux-2023-upgrade-grub2-tools-extraamazon-linux-2023-upgrade-grub2-tools-extra-debuginfoamazon-linux-2023-upgrade-grub2-tools-minimalamazon-linux-2023-upgrade-grub2-tools-minimal-debuginfo
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.