Bug 2346116 (CVE-2025-0677) - CVE-2025-0677 grub2: UFS: Integer overflow may lead to heap based out-of-bounds write when handling symlinks
Status: NEW
Alias: CVE-2025-0677
Deadline: 2025-02-18
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Product Security DevOps Team
Reported: 2025-02-17 15:07 UTC by OSIDB Bzimport
Modified: 2025-02-19 18:05 UTC (History)


Description OSIDB Bzimport 2025-02-17 15:07:05 UTC
When performing a symlink lookup, grub's UFS module checks the inode's data size to allocate the internal buffer for reading the file content; however, it fails to check whether the symlink data size has overflowed. If that happens, grub_malloc() may be called with a smaller value than needed; as a consequence, when further reading the data from disk into the buffer, the grub_ufs_lookup_symlink() function will write past the end of the allocated size. An attack may leverage that by crafting a malicious filesystem and, as a result, corrupt data stored in the heap; it is possible that arbitrary code execution may be achieved through it and used to bypass secure boot mechanisms.
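
The size arithmetic described above, as an added example that is not GRUB's code and not part of the original report: an unchecked allocation length next to a validated one. Assumptions: the length is computed as size + 1 (for a NUL terminator) in a 32-bit size type, and `SYMLINK_MAX`, `unchecked_alloc_len`, `checked_alloc_len` and `read_symlink` are hypothetical names.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical cap on a symlink target length; not a GRUB constant. */
#define SYMLINK_MAX 4096u

/* Unchecked pattern: size + 1 is computed in a 32-bit size type (modelled
   with uint32_t so the result is the same on any host) and can wrap. */
static uint32_t unchecked_alloc_len(uint64_t inode_size)
{
    return (uint32_t)((uint32_t)inode_size + 1u);
}

/* Checked pattern: validate the on-disk size before any arithmetic.
   Returns 0 and sets *len on success, -1 if the size is not acceptable. */
static int checked_alloc_len(uint64_t inode_size, uint32_t *len)
{
    if (inode_size > SYMLINK_MAX)      /* the cap also rules out wrap of +1 */
        return -1;
    *len = (uint32_t)inode_size + 1u;
    return 0;
}

/* Hardened reader: copies inode_size bytes only after the length check and
   only if the source actually holds that many bytes. Caller frees. */
static char *read_symlink(const uint8_t *src, size_t src_len, uint64_t inode_size)
{
    uint32_t len;
    if (checked_alloc_len(inode_size, &len) != 0 || inode_size > src_len)
        return NULL;
    char *buf = malloc(len);
    if (buf == NULL)
        return NULL;
    memcpy(buf, src, (size_t)inode_size);
    buf[inode_size] = '\0';
    return buf;
}

int main(void)
{
    uint64_t crafted = 0xFFFFFFFFu;    /* constructed value, not from a real image */
    uint32_t len;
    printf("unchecked length for size %llu: %u bytes\n",
           (unsigned long long)crafted, (unsigned)unchecked_alloc_len(crafted));
    printf("checked: %s\n", checked_alloc_len(crafted, &len) ? "rejected" : "accepted");
    return 0;
}
```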

