vulnerability

SUSE: CVE-2024-45781: SUSE Linux Security Advisory

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:L/AC:L/Au:M/C:C/I:C/A:C)	Apr 10, 2025	Dec 5, 2025	Dec 5, 2025

Severity

CVSS

(AV:L/AC:L/Au:M/C:C/I:C/A:C)

Published

Apr 10, 2025

Added

Dec 5, 2025

Modified

Dec 5, 2025

Description

A flaw was found in grub2. When reading a symbolic link's name from a UFS filesystem, grub2 fails to validate the string length taken as an input. The lack of validation may lead to a heap out-of-bounds write, causing data integrity issues and eventually allowing an attacker to circumvent secure boot protections.

Solutions

suse-upgrade-grub2suse-upgrade-grub2-arm64-efisuse-upgrade-grub2-arm64-efi-debugsuse-upgrade-grub2-arm64-efi-extrassuse-upgrade-grub2-branding-upstreamsuse-upgrade-grub2-commonsuse-upgrade-grub2-i386-pcsuse-upgrade-grub2-i386-pc-debugsuse-upgrade-grub2-i386-pc-extrassuse-upgrade-grub2-i386-xen-debugsuse-upgrade-grub2-powerpc-ieee1275suse-upgrade-grub2-powerpc-ieee1275-debugsuse-upgrade-grub2-powerpc-ieee1275-extrassuse-upgrade-grub2-s390x-emususe-upgrade-grub2-s390x-emu-debugsuse-upgrade-grub2-s390x-emu-extrassuse-upgrade-grub2-snapper-pluginsuse-upgrade-grub2-systemd-sleep-pluginsuse-upgrade-grub2-x86_64-efisuse-upgrade-grub2-x86_64-efi-debugsuse-upgrade-grub2-x86_64-efi-extrassuse-upgrade-grub2-x86_64-xensuse-upgrade-grub2-x86_64-xen-debugsuse-upgrade-grub2-x86_64-xen-extras

References

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today