CVE-2024-45778

A stack overflow flaw was found when reading a BFS file system. A crafted BFS filesystem may lead to an uncontrolled loop, causing grub2 to crash.

CVSS v3 4.1 MEDIUM

4.1^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.5 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/security/cve/CVE-2024-45778	Broken Link
https://bugzilla.redhat.com/show_bug.cgi?id=2345640	Issue Tracking
https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html

Configurations

Configuration 1 (hide)

cpe:2.3:a:gnu:grub2:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:a:redhat:openshift_container_platform:4.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*

History

24 Mar 2026, 23:17

Type	Values Removed	Values Added
Summary		(es) Se encontró una falla de desbordamiento de pila al leer un sistema de archivos BFS. Un sistema de archivos BFS manipulado puede generar un bucle descontrolado, lo que hace que grub2 se bloquee.
CPE		cpe:2.3:a:redhat:openshift_container_platform:4.0:::::::* cpe:2.3:a:gnu:grub2:::::::: cpe:2.3:o:redhat:enterprise_linux:9.0:::::::* cpe:2.3:o:redhat:enterprise_linux:7.0:::::::* cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
First Time		Redhat Redhat enterprise Linux Gnu Gnu grub2 Redhat openshift Container Platform
References		() https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html -
References	~~() https://access.redhat.com/security/cve/CVE-2024-45778 -~~	() https://access.redhat.com/security/cve/CVE-2024-45778 - Broken Link
References	~~() https://bugzilla.redhat.com/show_bug.cgi?id=2345640 -~~	() https://bugzilla.redhat.com/show_bug.cgi?id=2345640 - Issue Tracking

03 Mar 2025, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-03-03 17:15

Updated : 2026-03-24 23:17

NVD link : CVE-2024-45778

Mitre link : CVE-2024-45778

CVE.ORG link : CVE-2024-45778

JSON object : View

Products Affected

gnu

grub2

redhat

openshift_container_platform
enterprise_linux

CWE

CWE-190

Integer Overflow or Wraparound

{"id": "CVE-2024-45778", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "secalert@redhat.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.1, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 0.5}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2025-03-03T17:15:12.700", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2024-45778", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345640", "tags": ["Issue Tracking"], "source": "secalert@redhat.com"}, {"url": "https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html", "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-190"}]}, {"type": "Secondary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-190"}]}], "descriptions": [{"lang": "en", "value": "A stack overflow flaw was found when reading a BFS file system. A crafted BFS filesystem may lead to an uncontrolled loop, causing grub2 to crash."}, {"lang": "es", "value": "Se encontr\u00f3 una falla de desbordamiento de pila al leer un sistema de archivos BFS. Un sistema de archivos BFS manipulado puede generar un bucle descontrolado, lo que hace que grub2 se bloquee."}], "lastModified": "2026-03-24T23:17:09.473", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gnu:grub2:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6ECC2401-511C-4A2E-878F-C7053FA3ABB1", "versionEndIncluding": "2.12"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "932D137F-528B-4526-9A89-CD59FA1AB0FE"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}