vulnerability
Huawei EulerOS: CVE-2024-45780: grub2 security update
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:L/AC:L/Au:M/C:C/I:C/A:C) | Mar 3, 2025 | Jun 11, 2025 | Apr 1, 2026 |
Severity
7
CVSS
(AV:L/AC:L/Au:M/C:C/I:C/A:C)
Published
Mar 3, 2025
Added
Jun 11, 2025
Modified
Apr 1, 2026
Description
A flaw was found in grub2. When reading tar files, grub2 allocates an internal buffer for the file name. However, it fails to properly verify the allocation against possible integer overflows. It's possible to cause the allocation length to overflow with a crafted tar file, leading to a heap out-of-bounds write. This flaw eventually allows an attacker to circumvent secure boot protections.
Solutions
huawei-euleros-2_0_sp13-upgrade-grub2-commonhuawei-euleros-2_0_sp13-upgrade-grub2-efi-x64huawei-euleros-2_0_sp13-upgrade-grub2-efi-x64-moduleshuawei-euleros-2_0_sp13-upgrade-grub2-pchuawei-euleros-2_0_sp13-upgrade-grub2-pc-moduleshuawei-euleros-2_0_sp13-upgrade-grub2-toolshuawei-euleros-2_0_sp13-upgrade-grub2-tools-efihuawei-euleros-2_0_sp13-upgrade-grub2-tools-extrahuawei-euleros-2_0_sp13-upgrade-grub2-tools-minimal
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.