Bug 2414683 (CVE-2025-61662)

Summary: CVE-2025-61662 grub2: Missing unregister call for gettext command may lead to use-after-free
Product: [Other] Security Response
Reporter: OSIDB Bzimport <bzimport>
Component: vulnerability
Assignee: Product Security DevOps Team <prodsec-dev>
Status: NEW
Severity: medium
Priority: medium
Version: unspecified
CC: security-response-team
Keywords: Security
Hardware: All
OS: Linux
Doc Text:
A Use-After-Free vulnerability has been discovered in GRUB's gettext module. The flaw stems from a programming error in which the gettext command remains registered after its module is unloaded. Invoking the orphaned command causes grub to access a memory location that is no longer valid. An attacker could exploit this to crash grub, leading to a Denial of Service; a compromise of data integrity or confidentiality cannot be ruled out.
Deadline: 2025-11-18

Description OSIDB Bzimport 2025-11-12 21:21:16 UTC
The gettext command is registered by the gettext module at load time. However, the command is not unregistered at module unload, so this may lead to a use-after-free issue when the gettext command is invoked after the gettext module has been unloaded.
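
To make the bug class concrete, here is an added, self-contained C model (constructed for this page, not GRUB's own code) of a command registry whose entries point into a module's memory: the buggy unload path mirrors the description above (the module image is freed but the "gettext" registration survives, leaving the registry with a dangling reference), while the fixed path unregisters the command first. The real GRUB counterparts are grub_register_command()/grub_unregister_command() called from GRUB_MOD_INIT/GRUB_MOD_FINI; every other name below is an assumption of this model.

```c
#include <stdlib.h>
#include <string.h>
/* Constructed model of a GRUB-style command registry; not GRUB's own code. */
typedef int (*cmd_func_t)(int argc, char **argv);
struct command { const char *name; cmd_func_t func; struct command *next; };
static struct command *registry;   /* linked list of currently registered commands */
/* Like grub_register_command(): the entry keeps pointers into the caller's memory. */
static struct command *register_command(const char *name, cmd_func_t func)
{
    struct command *c = malloc(sizeof *c);
    c->name = name; c->func = func; c->next = registry;
    return registry = c;
}

/* Like grub_unregister_command(): unlink and free the registry entry only. */
static void unregister_command(struct command *cmd)
{
    for (struct command **p = &registry; *p; p = &(*p)->next)
        if (*p == cmd) { *p = cmd->next; free(cmd); return; }
}

static size_t registry_count(void)
{ size_t n = 0; for (struct command *c = registry; c; c = c->next) n++; return n; }

/* Stand-in for a loaded module: "image" models the code/rodata freed on unload. */
struct module { char *image; struct command *cmd; };
static int gettext_stub(int argc, char **argv) { (void)argc; (void)argv; return 0; }

static struct module *module_load(void)   /* GRUB_MOD_INIT-equivalent */
{
    struct module *m = malloc(sizeof *m);
    m->image = malloc(8); memcpy(m->image, "gettext", 8);   /* name lives in the module image */
    m->cmd = register_command(m->image, gettext_stub);
    return m;
}

/* Pre-fix GRUB_MOD_FINI behaviour: module memory freed, registry entry left dangling. */
static void module_unload_buggy(struct module *m) { free(m->image); free(m); }
/* Fixed behaviour: unregister first, so no registry entry can reference freed memory. */
static void module_unload_fixed(struct module *m) { unregister_command(m->cmd); free(m->image); free(m); }

/* One load/unload cycle; returns the number of registry entries left behind. */
static size_t entries_left_after_unload(int fixed)
{
    struct module *m = module_load(); struct command *handle = m->cmd;  /* handle saved before m is freed */
    if (fixed) module_unload_fixed(m); else module_unload_buggy(m);
    size_t n = registry_count();
    if (!fixed) unregister_command(handle);   /* drop the stale entry; never touches the freed image */
    return n;
}
```

With the buggy unload one stale entry remains in the registry (a dispatcher that looked it up would follow pointers into freed module memory); with the fixed unload the registry is empty.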

Comment 2 errata-xmlrpc 2026-03-16 19:12:31 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:4649 https://access.redhat.com/errata/RHSA-2026:4649

Comment 3 errata-xmlrpc 2026-03-16 19:32:38 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2026:4648 https://access.redhat.com/errata/RHSA-2026:4648

Comment 4 errata-xmlrpc 2026-03-16 19:44:02 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10.0 Extended Update Support

Via RHSA-2026:4652 https://access.redhat.com/errata/RHSA-2026:4652

Comment 5 errata-xmlrpc 2026-03-16 20:14:58 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.8 Telecommunications Update Service

Via RHSA-2026:4653 https://access.redhat.com/errata/RHSA-2026:4653

Comment 6 errata-xmlrpc 2026-03-16 20:27:24 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2026:4654 https://access.redhat.com/errata/RHSA-2026:4654

Comment 7 errata-xmlrpc 2026-03-17 17:20:52 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:4760 https://access.redhat.com/errata/RHSA-2026:4760

Comment 8 errata-xmlrpc 2026-03-17 17:48:31 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On

Via RHSA-2026:4830 https://access.redhat.com/errata/RHSA-2026:4830

Comment 9 errata-xmlrpc 2026-03-17 18:01:48 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2026:4822 https://access.redhat.com/errata/RHSA-2026:4822

Comment 10 errata-xmlrpc 2026-03-17 18:07:57 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.6 Extended Update Support

Via RHSA-2026:4823 https://access.redhat.com/errata/RHSA-2026:4823

Comment 11 errata-xmlrpc 2026-03-18 09:12:39 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

Via RHSA-2026:4900 https://access.redhat.com/errata/RHSA-2026:4900

Comment 12 errata-xmlrpc 2026-03-18 22:15:08 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support

Via RHSA-2026:4998 https://access.redhat.com/errata/RHSA-2026:4998

Comment 13 errata-xmlrpc 2026-03-19 09:43:28 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2026:5074 https://access.redhat.com/errata/RHSA-2026:5074

Comment 14 errata-xmlrpc 2026-03-23 02:37:28 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7 Extended Lifecycle Support

Via RHSA-2026:5233 https://access.redhat.com/errata/RHSA-2026:5233

Comment 15 errata-xmlrpc 2026-03-25 04:58:02 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.18

Via RHSA-2026:5127 https://access.redhat.com/errata/RHSA-2026:5127

Comment 16 errata-xmlrpc 2026-04-09 11:22:14 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.12

Via RHSA-2026:6492 https://access.redhat.com/errata/RHSA-2026:6492

Comment 17 errata-xmlrpc 2026-04-16 10:24:23 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.13

Via RHSA-2026:7239 https://access.redhat.com/errata/RHSA-2026:7239

Comment 18 errata-xmlrpc 2026-04-16 10:56:19 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.19

Via RHSA-2026:7243 https://access.redhat.com/errata/RHSA-2026:7243