REDHAT-BUG-2346119: Integer Overflow

First published: Mon Feb 17 2025(Updated: )

When performing a symlink lookup from a reiserfs filesystem, grub's reiserfs fs module uses user-controlled parameters from the filesystem geometry to determine the internal buffers size, however it misses to properly check for integer overflows. A maliciouly crafted filesystem may lead some of those buffer size calculation to overflow, causing it to perform a grub_malloc() operation with a smaller size than expected. As a result the grub_reiserfs_read_symlink() will call grub_reiserfs_read_real() with a overflown length parameter leading to a heap based out-of-bounds write during data reading. This flaw may be leveraged to corrupt grub's internal critical data and may result in arbitrary code execution by-passing secure boot protections.

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• collector/redhat-bugzilla
• source/Red Hat
• alias/CVE-2025-0684
• agent/weakness
• agent/last-modified-date
• agent/source
• agent/references
• agent/description
• agent/type
• agent/first-publish-date
• agent/severity
• agent/event
• agent/softwarecombine
• agent/tags
• agent/guess-ai
• agent/software-canonical-lookup
• vendor/gnu
• canonical/ubuntu grub (gnu grand unified bootloader)