grub2-2.02-0.87.14.0.4.el7.AXS7

エラータID: AXSA:2025-9938:04

リリース日: 
2025/05/16 Friday - 13:10
題名: 
grub2-2.02-0.87.14.0.4.el7.AXS7
影響のあるチャネル: 
Asianux Server 7 for x86_64
Severity: 
High
Description: 

The GRand Unified Bootloader (GRUB) is a highly configurable and
customizable bootloader with modular architecture. It supports a rich
variety of kernel formats, file systems, computer architectures and
hardware devices.

Security Fix(es):

* CVE-2025-0624: net: Out-of-bounds write in grub_net_search_configfile()
* CVE-2025-0690: read: Integer overflow may lead to out-of-bounds write
* CVE-2025-1118: commands/dump: The dump command is not in lockdown when
secure boot is enabled
* CVE-2025-0678: squash4: Integer overflow may lead to heap based
out-of-bounds write when reading data
* CVE-2025-1125: fs/hfs: Integer overflow may lead to heap based out-of-bounds
write

CVE(s):
CVE-2025-1118
A flaw was found in grub2. Grub's dump command is not blocked when grub is in lockdown mode, which allows the user to read any memory information, and an attacker may leverage this in order to extract signatures, salts, and other sensitive information from the memory.
CVE-2025-0690
The read command is used to read the keyboard input from the user, while reads it keeps the input length in a 32-bit integer value which is further used to reallocate the line buffer to accept the next character. During this process, with a line big enough it's possible to make this variable to overflow leading to a out-of-bounds write in the heap based buffer. This flaw may be leveraged to corrupt grub's internal critical data and secure boot bypass is not discarded as consequence.
CVE-2024-45775
A flaw was found in grub2 where the grub_extcmd_dispatcher() function calls grub_arg_list_alloc() to allocate memory for the grub's argument list. However, it fails to check in case the memory allocation fails. Once the allocation fails, a NULL point will be processed by the parse_option() function, leading grub to crash or, in some rare scenarios, corrupt the IVT data.
CVE-2024-45774
A flaw was found in grub2. A specially crafted JPEG file can cause the JPEG parser of grub2 to incorrectly check the bounds of its internal buffers, resulting in an out-of-bounds write. The possibility of overwriting sensitive information to bypass secure boot protections is not discarded.
CVE-2024-45783
A flaw was found in grub2. When failing to mount an HFS+ grub, the hfsplus filesystem driver doesn't properly set an ERRNO value. This issue may lead to a NULL pointer access.
CVE-2024-45780
A flaw was found in grub2. When reading tar files, grub2 allocates an internal buffer for the file name. However, it fails to properly verify the allocation against possible integer overflows. It's possible to cause the allocation length to overflow with a crafted tar file, leading to a heap out-of-bounds write. This flaw eventually allows an attacker to circumvent secure boot protections.
CVE-2024-45781
A flaw was found in grub2. When reading a symbolic link's name from a UFS filesystem, grub2 fails to validate the string length taken as an input. The lack of validation may lead to a heap out-of-bounds write, causing data integrity issues and eventually allowing an attacker to circumvent secure boot protections.
CVE-2024-45776
When reading the language .mo file in grub_mofile_open(), grub2 fails to verify an integer overflow when allocating its internal buffer. A crafted .mo file may lead the buffer size calculation to overflow, leading to out-of-bound reads and writes. This flaw allows an attacker to leak sensitive data or overwrite critical data, possibly circumventing secure boot protections.
CVE-2025-0678
A flaw was found in grub2. When reading data from a squash4 filesystem, grub's squash4 fs module uses user-controlled parameters from the filesystem geometry to determine the internal buffer size, however, it improperly checks for integer overflows. A maliciously crafted filesystem may lead some of those buffer size calculations to overflow, causing it to perform a grub_malloc() operation with a smaller size than expected. As a result, the direct_read() will perform a heap based out-of-bounds write during data reading. This flaw may be leveraged to corrupt grub's internal critical data and may result in arbitrary code execution, by-passing secure boot protections.
CVE-2024-56737
GNU GRUB (aka GRUB2) through 2.12 has a heap-based buffer overflow in fs/hfs.c via crafted sblock data in an HFS filesystem.
CVE-2024-45782
A flaw was found in the HFS filesystem. When reading an HFS volume's name at grub_fs_mount(), the HFS filesystem driver performs a strcpy() using the user-provided volume name as input without properly validating the volume name's length. This issue may read to a heap-based out-of-bounds writer, impacting grub's sensitive data integrity and eventually leading to a secure boot protection bypass.
CVE-2024-45777
A flaw was found in grub2. The calculation of the translation buffer when reading a language .mo file in grub_gettext_getstr_from_position() may overflow, leading to a Out-of-bound write. This issue can be leveraged by an attacker to overwrite grub2's sensitive heap data, eventually leading to the circumvention of secure boot protections.
CVE-2025-1125
When reading data from a hfs filesystem, grub's hfs filesystem module uses user-controlled parameters from the filesystem metadata to calculate the internal buffers size, however it misses to properly check for integer overflows. A maliciouly crafted filesystem may lead some of those buffer size calculation to overflow, causing it to perform a grub_malloc() operation with a smaller size than expected. As a result the hfsplus_open_compressed_real() function will write past of the internal buffer length. This flaw may be leveraged to corrupt grub's internal critical data and may result in arbitrary code execution by-passing secure boot protections.
CVE-2025-0624
A flaw was found in grub2. During the network boot process, when trying to search for the configuration file, grub copies data from a user controlled environment variable into an internal buffer using the grub_strcpy() function. During this step, it fails to consider the environment variable length when allocating the internal buffer, resulting in an out-of-bounds write. If correctly exploited, this issue may result in remote code execution through the same network segment grub is searching for the boot information, which can be used to by-pass secure boot protections.
CVE-2025-0622
A flaw was found in command/gpg. In some scenarios, hooks created by loaded modules are not removed when the related module is unloaded. This flaw allows an attacker to force grub2 to call the hooks once the module that registered it was unloaded, leading to a use-after-free vulnerability. If correctly exploited, this vulnerability may result in arbitrary code execution, eventually allowing the attacker to bypass secure boot protections.

解決策: 

Update packages.

CVE: 
CVE-2024-45774
A flaw was found in grub2. A specially crafted JPEG file can cause the JPEG parser of grub2 to incorrectly check the bounds of its internal buffers, resulting in an out-of-bounds write. The possibility of overwriting sensitive information to bypass secure boot protections is not discarded.
CVE-2024-45775
A flaw was found in grub2 where the grub_extcmd_dispatcher() function calls grub_arg_list_alloc() to allocate memory for the grub's argument list. However, it fails to check in case the memory allocation fails. Once the allocation fails, a NULL point will be processed by the parse_option() function, leading grub to crash or, in some rare scenarios, corrupt the IVT data.
CVE-2024-45776
When reading the language .mo file in grub_mofile_open(), grub2 fails to verify an integer overflow when allocating its internal buffer. A crafted .mo file may lead the buffer size calculation to overflow, leading to out-of-bound reads and writes. This flaw allows an attacker to leak sensitive data or overwrite critical data, possibly circumventing secure boot protections.
CVE-2024-45777
A flaw was found in grub2. The calculation of the translation buffer when reading a language .mo file in grub_gettext_getstr_from_position() may overflow, leading to a Out-of-bound write. This issue can be leveraged by an attacker to overwrite grub2's sensitive heap data, eventually leading to the circumvention of secure boot protections.
CVE-2024-45780
A flaw was found in grub2. When reading tar files, grub2 allocates an internal buffer for the file name. However, it fails to properly verify the allocation against possible integer overflows. It's possible to cause the allocation length to overflow with a crafted tar file, leading to a heap out-of-bounds write. This flaw eventually allows an attacker to circumvent secure boot protections.
CVE-2024-45781
A flaw was found in grub2. When reading a symbolic link's name from a UFS filesystem, grub2 fails to validate the string length taken as an input. The lack of validation may lead to a heap out-of-bounds write, causing data integrity issues and eventually allowing an attacker to circumvent secure boot protections.
CVE-2024-45782
A flaw was found in the HFS filesystem. When reading an HFS volume's name at grub_fs_mount(), the HFS filesystem driver performs a strcpy() using the user-provided volume name as input without properly validating the volume name's length. This issue may read to a heap-based out-of-bounds writer, impacting grub's sensitive data integrity and eventually leading to a secure boot protection bypass.
CVE-2024-45783
A flaw was found in grub2. When failing to mount an HFS+ grub, the hfsplus filesystem driver doesn't properly set an ERRNO value. This issue may lead to a NULL pointer access.
CVE-2024-56737
GNU GRUB (aka GRUB2) through 2.12 has a heap-based buffer overflow in fs/hfs.c via crafted sblock data in an HFS filesystem.
CVE-2025-0622
A flaw was found in command/gpg. In some scenarios, hooks created by loaded modules are not removed when the related module is unloaded. This flaw allows an attacker to force grub2 to call the hooks once the module that registered it was unloaded, leading to a use-after-free vulnerability. If correctly exploited, this vulnerability may result in arbitrary code execution, eventually allowing the attacker to bypass secure boot protections.
CVE-2025-0624
A flaw was found in grub2. During the network boot process, when trying to search for the configuration file, grub copies data from a user controlled environment variable into an internal buffer using the grub_strcpy() function. During this step, it fails to consider the environment variable length when allocating the internal buffer, resulting in an out-of-bounds write. If correctly exploited, this issue may result in remote code execution through the same network segment grub is searching for the boot information, which can be used to by-pass secure boot protections.
CVE-2025-0678
A flaw was found in grub2. When reading data from a squash4 filesystem, grub's squash4 fs module uses user-controlled parameters from the filesystem geometry to determine the internal buffer size, however, it improperly checks for integer overflows. A maliciously crafted filesystem may lead some of those buffer size calculations to overflow, causing it to perform a grub_malloc() operation with a smaller size than expected. As a result, the direct_read() will perform a heap based out-of-bounds write during data reading. This flaw may be leveraged to corrupt grub's internal critical data and may result in arbitrary code execution, by-passing secure boot protections.
CVE-2025-0690
The read command is used to read the keyboard input from the user, while reads it keeps the input length in a 32-bit integer value which is further used to reallocate the line buffer to accept the next character. During this process, with a line big enough it's possible to make this variable to overflow leading to a out-of-bounds write in the heap based buffer. This flaw may be leveraged to corrupt grub's internal critical data and secure boot bypass is not discarded as consequence.
CVE-2025-1118
A flaw was found in grub2. Grub's dump command is not blocked when grub is in lockdown mode, which allows the user to read any memory information, and an attacker may leverage this in order to extract signatures, salts, and other sensitive information from the memory.
CVE-2025-1125
When reading data from a hfs filesystem, grub's hfs filesystem module uses user-controlled parameters from the filesystem metadata to calculate the internal buffers size, however it misses to properly check for integer overflows. A maliciouly crafted filesystem may lead some of those buffer size calculation to overflow, causing it to perform a grub_malloc() operation with a smaller size than expected. As a result the hfsplus_open_compressed_real() function will write past of the internal buffer length. This flaw may be leveraged to corrupt grub's internal critical data and may result in arbitrary code execution by-passing secure boot protections.
追加情報: 

N/A

ダウンロード: 

Asianux Server 7 for x86_64
  1. grub2-2.02-0.87.14.0.4.el7.AXS7.x86_64.rpm
    MD5: 52b205e7032f919ac8e344de063f7ed8
    SHA-256: 372394b0df6f867754304d087ce792f778388a15881d7b2a561b5668bc129e6b
    Size: 35.70 kB
  2. grub2-common-2.02-0.87.14.0.4.el7.AXS7.noarch.rpm
    MD5: ea1b37a4be726b137226230708e0730e
    SHA-256: 04be4778cb5b8be3cadeaf4aad4de7120de2898143b425ece81edd3dfd191009
    Size: 734.11 kB
  3. grub2-efi-ia32-2.02-0.87.14.0.4.el7.AXS7.x86_64.rpm
    MD5: 1c98be15e91263e55ffe4c133945e578
    SHA-256: 07452d0c0979d7d6f8987d7d022a13e067a2be5e63e978dbdc88dd8ac79ff70a
    Size: 1.42 MB
  4. grub2-efi-ia32-modules-2.02-0.87.14.0.4.el7.AXS7.noarch.rpm
    MD5: 83b99d1fb2aa5ead049c3ef7e9d4de00
    SHA-256: 2bd2d70c44b7470bdb9210f6339f930b104bac7a26d13630b0bba3d4e1bc9d78
    Size: 1.08 MB
  5. grub2-efi-x64-2.02-0.87.14.0.4.el7.AXS7.x86_64.rpm
    MD5: 6b51f9d83c19228b69ec33ba33b40f84
    SHA-256: ecfd967c7165677d8816ed691a20f8d4ecb5771657b46d5d7ae68e4e9963b3f9
    Size: 1.12 MB
  6. grub2-efi-x64-modules-2.02-0.87.14.0.4.el7.AXS7.noarch.rpm
    MD5: 2b6cb97e144cf518c4d57ac7b6eb1e2d
    SHA-256: 209222a86aa4ca24e1af95954a5d6d9d05d4cb1f70ed5309e7cf47348e6572a9
    Size: 1.11 MB
  7. grub2-pc-2.02-0.87.14.0.4.el7.AXS7.x86_64.rpm
    MD5: 59d9086f6a9e1ba4466fffd615912a2f
    SHA-256: 73a8a568d6bd01ad9d414e550ce124fa1ea26f595df3eb950b4a65d8e810de2c
    Size: 35.76 kB
  8. grub2-pc-modules-2.02-0.87.14.0.4.el7.AXS7.noarch.rpm
    MD5: b2b7862abf214f80f6561efee704db1c
    SHA-256: 54fc3f50bcaf625cd9cac523ad3515b0278a374adae48f5d3d5ec36311c8c7ad
    Size: 862.35 kB
  9. grub2-tools-2.02-0.87.14.0.4.el7.AXS7.x86_64.rpm
    MD5: d322fb55c901c3eee6d64e9aeb0b30d3
    SHA-256: 58baf7e8b26ce1b7e508f0707d5fd43d70eccc197d624c6d96fb57568504f1cf
    Size: 1.80 MB
  10. grub2-tools-extra-2.02-0.87.14.0.4.el7.AXS7.x86_64.rpm
    MD5: 99a7e2bd1dcb91921429b7134af5a617
    SHA-256: 948b7457db74f4d83f4290d63cdad229b578df4fc560d5cf1a29cf4fce09bf29
    Size: 1.00 MB
  11. grub2-tools-minimal-2.02-0.87.14.0.4.el7.AXS7.x86_64.rpm
    MD5: 396394818ef5703c4703a020a2286583
    SHA-256: 61fef49f9b3a2f26930756227ca50048778789fa37b9ca0b4ee78429be3d8248
    Size: 178.91 kB