An update for grub2 is now available for openEuler-22.03-LTS-SP3 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2025-1232 Final 1.0 1.0 2025-03-07 Initial 2025-03-07 2025-03-07 openEuler SA Tool V1.0 2025-03-07 grub2 security update An update for grub2 is now available for openEuler-22.03-LTS-SP3 GNU GRUB is a Multiboot boot loader. It was derived from GRUB, the GRand Unified Bootloader, which was originally designed and implemented by Erich Stefan Boleyn. Security Fix(es): A flaw was found in grub2. A specially crafted JPEG file can cause the JPEG parser of grub2 to incorrectly check the bounds of its internal buffers, resulting in an out-of-bounds write. The possibility of overwriting sensitive information to bypass secure boot protections is not discarded.(CVE-2024-45774) A stack overflow flaw was found when reading a BFS file system. A crafted BFS filesystem may lead to an uncontrolled loop, causing grub2 to crash.(CVE-2024-45778) GNU GRUB (aka GRUB2) through 2.12 has a heap-based buffer overflow in fs/hfs.c via crafted sblock data in an HFS filesystem.(CVE-2024-56737) A flaw was found in command/gpg. In some scenarios, hooks created by loaded modules are not removed when the related module is unloaded. This flaw allows an attacker to force grub2 to call the hooks once the module that registered it was unloaded, leading to a use-after-free vulnerability. If correctly exploited, this vulnerability may result in arbitrary code execution, eventually allowing the attacker to bypass secure boot protections.(CVE-2025-0622) A flaw was found in grub2. During the network boot process, when trying to search for the configuration file, grub copies data from a user controlled environment variable into an internal buffer using the grub_strcpy() function. During this step, it fails to consider the environment variable length when allocating the internal buffer, resulting in an out-of-bounds write. If correctly exploited, this issue may result in remote code execution through the same network segment grub is searching for the boot information, which can be used to by-pass secure boot protections.(CVE-2025-0624) A flaw was found in grub2. When performing a symlink lookup, the grub's UFS module checks the inode's data size to allocate the internal buffer to read the file content, however, it fails to check if the symlink data size has overflown. When this occurs, grub_malloc() may be called with a smaller value than needed. When further reading the data from the disk into the buffer, the grub_ufs_lookup_symlink() function will write past the end of the allocated size. An attack can leverage this by crafting a malicious filesystem, and as a result, it will corrupt data stored in the heap, allowing for arbitrary code execution used to by-pass secure boot mechanisms.(CVE-2025-0677) An update for grub2 is now available for openEuler-22.03-LTS-SP3. openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. High grub2 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1232 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-45774 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-45778 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-56737 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-0622 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-0624 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-0677 https://nvd.nist.gov/vuln/detail/CVE-2024-45774 https://nvd.nist.gov/vuln/detail/CVE-2024-45778 https://nvd.nist.gov/vuln/detail/CVE-2024-56737 https://nvd.nist.gov/vuln/detail/CVE-2025-0622 https://nvd.nist.gov/vuln/detail/CVE-2025-0624 https://nvd.nist.gov/vuln/detail/CVE-2025-0677 openEuler-22.03-LTS-SP3 grub2-2.06-51.oe2203sp3.src.rpm grub2-common-2.06-51.oe2203sp3.noarch.rpm grub2-efi-aa64-modules-2.06-51.oe2203sp3.noarch.rpm grub2-efi-ia32-modules-2.06-51.oe2203sp3.noarch.rpm grub2-efi-x64-modules-2.06-51.oe2203sp3.noarch.rpm grub2-help-2.06-51.oe2203sp3.noarch.rpm grub2-pc-modules-2.06-51.oe2203sp3.noarch.rpm grub2-debuginfo-2.06-51.oe2203sp3.aarch64.rpm grub2-debugsource-2.06-51.oe2203sp3.aarch64.rpm grub2-efi-aa64-2.06-51.oe2203sp3.aarch64.rpm grub2-efi-aa64-cdboot-2.06-51.oe2203sp3.aarch64.rpm grub2-tools-2.06-51.oe2203sp3.aarch64.rpm grub2-tools-extra-2.06-51.oe2203sp3.aarch64.rpm grub2-tools-minimal-2.06-51.oe2203sp3.aarch64.rpm grub2-debuginfo-2.06-51.oe2203sp3.x86_64.rpm grub2-debugsource-2.06-51.oe2203sp3.x86_64.rpm grub2-efi-ia32-2.06-51.oe2203sp3.x86_64.rpm grub2-efi-ia32-cdboot-2.06-51.oe2203sp3.x86_64.rpm grub2-efi-x64-2.06-51.oe2203sp3.x86_64.rpm grub2-efi-x64-cdboot-2.06-51.oe2203sp3.x86_64.rpm grub2-pc-2.06-51.oe2203sp3.x86_64.rpm grub2-tools-2.06-51.oe2203sp3.x86_64.rpm grub2-tools-efi-2.06-51.oe2203sp3.x86_64.rpm grub2-tools-extra-2.06-51.oe2203sp3.x86_64.rpm grub2-tools-minimal-2.06-51.oe2203sp3.x86_64.rpm A flaw was found in grub2. A specially crafted JPEG file can cause the JPEG parser of grub2 to incorrectly check the bounds of its internal buffers, resulting in an out-of-bounds write. The possibility of overwriting sensitive information to bypass secure boot protections is not discarded. 2025-03-07 CVE-2024-45774 openEuler-22.03-LTS-SP3 Medium 6.7 AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H grub2 security update 2025-03-07 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1232 A stack overflow flaw was found when reading a BFS file system. A crafted BFS filesystem may lead to an uncontrolled loop, causing grub2 to crash. 2025-03-07 CVE-2024-45778 openEuler-22.03-LTS-SP3 Medium 4.1 AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H grub2 security update 2025-03-07 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1232 GNU GRUB (aka GRUB2) through 2.12 has a heap-based buffer overflow in fs/hfs.c via crafted sblock data in an HFS filesystem. 2025-03-07 CVE-2024-56737 openEuler-22.03-LTS-SP3 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H grub2 security update 2025-03-07 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1232 A flaw was found in command/gpg. In some scenarios, hooks created by loaded modules are not removed when the related module is unloaded. This flaw allows an attacker to force grub2 to call the hooks once the module that registered it was unloaded, leading to a use-after-free vulnerability. If correctly exploited, this vulnerability may result in arbitrary code execution, eventually allowing the attacker to bypass secure boot protections. 2025-03-07 CVE-2025-0622 openEuler-22.03-LTS-SP3 Medium 6.4 AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H grub2 security update 2025-03-07 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1232 A flaw was found in grub2. During the network boot process, when trying to search for the configuration file, grub copies data from a user controlled environment variable into an internal buffer using the grub_strcpy() function. During this step, it fails to consider the environment variable length when allocating the internal buffer, resulting in an out-of-bounds write. If correctly exploited, this issue may result in remote code execution through the same network segment grub is searching for the boot information, which can be used to by-pass secure boot protections. 2025-03-07 CVE-2025-0624 openEuler-22.03-LTS-SP3 High 7.6 AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H grub2 security update 2025-03-07 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1232 A flaw was found in grub2. When performing a symlink lookup, the grub's UFS module checks the inode's data size to allocate the internal buffer to read the file content, however, it fails to check if the symlink data size has overflown. When this occurs, grub_malloc() may be called with a smaller value than needed. When further reading the data from the disk into the buffer, the grub_ufs_lookup_symlink() function will write past the end of the allocated size. An attack can leverage this by crafting a malicious filesystem, and as a result, it will corrupt data stored in the heap, allowing for arbitrary code execution used to by-pass secure boot mechanisms. 2025-03-07 CVE-2025-0677 openEuler-22.03-LTS-SP3 Medium 6.4 AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H grub2 security update 2025-03-07 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1232