CVE-2025-0677 Information

Description

A flaw was found in grub2. When performing a symlink lookup, grub's UFS module uses the inode's data size to allocate the internal buffer for reading the file content; however, it fails to check whether the symlink data size has overflowed. When this occurs, grub_malloc() may be called with a smaller value than needed. When the data is then read from the disk into the buffer, the grub_ufs_lookup_symlink() function writes past the end of the allocated size. An attacker can leverage this by crafting a malicious filesystem; as a result, data stored in the heap is corrupted, allowing arbitrary code execution that can be used to bypass secure boot mechanisms.
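The bug class described above, shown as an added example that is not grub's code: an allocation size derived from an on-disk length without an overflow check, next to a checked version. All names, the 32-bit size type, the "+ 1" terminator arithmetic and the length cap are assumptions made for illustration; the page does not give the exact arithmetic.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef uint32_t alloc_size_t;  /* assumption: allocator takes a 32-bit size */
#define MAX_SYMLINK_LEN 4096u   /* assumption: sanity cap chosen for this sketch */

/* Flawed pattern: trust the on-disk size, add 1 for the NUL terminator. */
static alloc_size_t unchecked_alloc_size(uint64_t disk_size)
{
    return (alloc_size_t)((alloc_size_t)disk_size + 1u);  /* can wrap to 0 */
}

/* Hardened pattern: bound the size, then add with overflow detection. */
static int checked_alloc_size(uint64_t disk_size, alloc_size_t *out)
{
    if (disk_size > MAX_SYMLINK_LEN)
        return -1;
    return __builtin_add_overflow((alloc_size_t)disk_size, (alloc_size_t)1, out) ? -1 : 0;
}

/* Copy a symlink target out of `blocks` (constructed stand-in for disk data). */
static char *read_symlink(const uint8_t *blocks, size_t blocks_len, uint64_t disk_size)
{
    alloc_size_t sz;
    char *buf;

    if (checked_alloc_size(disk_size, &sz) != 0 || disk_size > blocks_len)
        return NULL;            /* reject before any allocation or copy */
    buf = malloc(sz);
    if (buf == NULL)
        return NULL;
    memcpy(buf, blocks, (size_t)disk_size);
    buf[disk_size] = '\0';
    return buf;
}

int main(void)
{
    const uint8_t blocks[] = { '/', 'b', 'o', 'o', 't' };  /* constructed sample */
    char *ok = read_symlink(blocks, sizeof blocks, 5);
    char *bad = read_symlink(blocks, sizeof blocks, 0xFFFFFFFFull);

    printf("unchecked size for 0xFFFFFFFF: %u\n", (unsigned)unchecked_alloc_size(0xFFFFFFFFull));
    printf("valid: %s, oversized: %s\n", ok ? ok : "(null)", bad ? "accepted" : "rejected");
    free(ok);
    return 0;
}
```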

CVSS Vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Reference

https://access.redhat.com/security/cve/CVE-2025-0677
https://bugzilla.redhat.com/show_bug.cgi?id=2346116

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

6.4

Base Severity

HIGH
