CVE-2024-45775 MEDIUM

CVE-2024-45775: Grub2: commands/extcmd: missing check for failed allocation

Vendor Red Hat

Product Red Hat Enterprise Linux 10

Weakness CWE-252

Published February 18, 2025

Last update January 29, 2026

View on NVD All CVEs

CVSS base score

5.2/10

Attack vector Local

Attack complexity High

Privileges required High

User interaction None

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H

What the vulnerability does

01Description

A flaw was found in grub2 where the grub_extcmd_dispatcher() function calls grub_arg_list_alloc() to allocate memory for the grub's argument list. However, it fails to check in case the memory allocation fails. Once the allocation fails, a NULL point will be processed by the parse_option() function, leading grub to crash or, in some rare scenarios, corrupt the IVT data.

Key dates

02Disclosure timeline

February 18, 2025 CVE published

January 29, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-45775

Related vulnerabilities

Identifiers

CVE CVE-2024-45775

CWE CWE-252

CVSS 5.2 / MEDIUM

Affected versions

Vendor Red Hat

Product Red Hat Enterprise Linux 10

Affected All versions

Vendor Red Hat

Product Red Hat Enterprise Linux 7

Affected All versions

Vendor Red Hat

Product Red Hat Enterprise Linux 8

Affected All versions

Vendor Red Hat

Product Red Hat OpenShift Container Platform 4

Affected All versions

CVE-2024-45775: Grub2: commands/extcmd: missing check for failed allocation

01Description

02Disclosure timeline

03References

04Related CVE