CVE-2024-45776 MEDIUM

CVE-2024-45776: Grub2: grub-core/gettext: integer overflow leads to heap oob write and read.

Vendor Red Hat

Product Red Hat Enterprise Linux 7

Weakness CWE-787

Published February 18, 2025

Last update January 29, 2026

View on NVD All CVEs

CVSS base score

6.7/10

Attack vector Local

Attack complexity Low

Privileges required High

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

When reading the language .mo file in grub_mofile_open(), grub2 fails to verify an integer overflow when allocating its internal buffer. A crafted .mo file may lead the buffer size calculation to overflow, leading to out-of-bound reads and writes. This flaw allows an attacker to leak sensitive data or overwrite critical data, possibly circumventing secure boot protections.

Key dates

02Disclosure timeline

February 18, 2025 CVE published

January 29, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-45776 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/787.html

Related vulnerabilities

Identifiers

CVE CVE-2024-45776

CWE CWE-787

CVSS 6.7 / MEDIUM

Affected versions

Vendor Red Hat

Product Red Hat Enterprise Linux 7

Affected All versions

Vendor Red Hat

Product Red Hat Enterprise Linux 8

Affected All versions

Vendor Red Hat

Product Red Hat OpenShift Container Platform 4

Affected All versions

CVE-2024-45776: Grub2: grub-core/gettext: integer overflow leads to heap oob write and read.

01Description

02Disclosure timeline

03References

04Related CVE