Executive Summary

Informations
Name CVE-2025-0677 First vendor Publication 2025-02-19
Vendor Cve Last vendor Modification 2025-05-13

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score N/A Attack Range N/A
Cvss Impact Score N/A Attack Complexity N/A
Cvss Expoit Score N/A Authentication N/A
Calculate full CVSS 2.0 Vectors scores

Detail

A flaw was found in grub2. When performing a symlink lookup, the grub's UFS module checks the inode's data size to allocate the internal buffer to read the file content, however, it fails to check if the symlink data size has overflown. When this occurs, grub_malloc() may be called with a smaller value than needed. When further reading the data from the disk into the buffer, the grub_ufs_lookup_symlink() function will write past the end of the allocated size. An attack can leverage this by crafting a malicious filesystem, and as a result, it will corrupt data stored in the heap, allowing for arbitrary code execution used to by-pass secure boot mechanisms.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0677

Sources (Detail)

https://access.redhat.com/errata/RHSA-2025:6990
https://access.redhat.com/security/cve/CVE-2025-0677
https://bugzilla.redhat.com/show_bug.cgi?id=2346116
Source Url

Alert History

If you want to see full details history, please login or register.
0
1
Date Informations
2025-05-27 02:51:00
  • Multiple Updates
2025-02-20 00:20:27
  • First insertion