CVE-2025-0677

{"id": "CVE-2025-0677", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "secalert@redhat.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.5}]}, "published": "2025-02-19T19:15:15.280", "references": [{"url": "https://access.redhat.com/errata/RHSA-2025:6990", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/security/cve/CVE-2025-0677", "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2346116", "source": "secalert@redhat.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in grub2. When performing a symlink lookup, the grub's UFS module checks the inode's data size to allocate the internal buffer to read the file content, however, it fails to check if the symlink data size has overflown. When this occurs, grub_malloc() may be called with a smaller value than needed. When further reading the data from the disk into the buffer, the grub_ufs_lookup_symlink() function will write past the end of the allocated size. An attack can leverage this by crafting a malicious filesystem, and as a result, it will corrupt data stored in the heap, allowing for arbitrary code execution used to by-pass secure boot mechanisms."}, {"lang": "es", "value": "Se encontr\u00f3 una falla en grub2. Al realizar una b\u00fasqueda de enlace simb\u00f3lico, el m\u00f3dulo UFS de grub verifica el tama\u00f1o de los datos del inodo para asignar el b\u00fafer interno para leer el contenido del archivo, sin embargo, no verifica si el tama\u00f1o de los datos del enlace simb\u00f3lico se ha desbordado. Cuando esto ocurre, se puede llamar a grub_malloc() con un valor menor al necesario. Al leer m\u00e1s datos del disco en el b\u00fafer, la funci\u00f3n grub_ufs_lookup_symlink() escribir\u00e1 m\u00e1s all\u00e1 del final del tama\u00f1o asignado. Un ataque puede aprovechar esto creando un sistema de archivos malicioso y, como resultado, corromper\u00e1 los datos almacenados en el mont\u00f3n, lo que permitir\u00e1 la ejecuci\u00f3n de c\u00f3digo arbitrario utilizado para eludir los mecanismos de arranque seguro."}], "lastModified": "2025-05-13T20:15:25.803", "sourceIdentifier": "secalert@redhat.com"}