CVE-2024-45777 MEDIUM

CVE-2024-45777: Grub2: grub-core/gettext: integer overflow leads to heap oob write.

Vendor Red Hat
Product Red Hat Enterprise Linux 10
Weakness CWE-787
Published February 19, 2025
Last update January 29, 2026

CVSS base score

6.7/10
Attack vector Local
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

A flaw was found in grub2. The calculation of the translation buffer when reading a language .mo file in grub_gettext_getstr_from_position() may overflow, leading to an out-of-bounds write. An attacker can leverage this issue to overwrite grub2's sensitive heap data, eventually leading to the circumvention of secure boot protections.

Key dates

02 Disclosure timeline

February 19, 2025 CVE published
January 29, 2026 Record updated