CVE-2024-45774

Summary

A flaw was found in grub2. A specially crafted JPEG file can cause the JPEG parser of grub2 to incorrectly check the bounds of its internal buffers, resulting in an out-of-bounds write. The possibility of overwriting sensitive information to bypass secure boot protections is not discarded.

Affected Software

VendorProductVersion RangeStatus
0 <= 2.12affected
Red HatRed Hat Enterprise Linux 91:2.06-104.el9_6 < *unaffected

Weaknesses

  • CWE-787: Out-of-bounds Write

Workarounds

Do not process untrusted JPEG files with grub2.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References