CVE-2024-45777

6.7 MEDIUM

📋 TL;DR

This vulnerability in grub2 allows attackers to trigger an out-of-bounds write when processing language files, potentially overwriting sensitive heap data. This could lead to bypassing secure boot protections on affected systems. Systems using vulnerable grub2 versions with secure boot enabled are affected.

💻 Affected Systems

Products:
  • grub2
Versions: Specific versions not detailed in references; check Red Hat advisories for affected distributions.
Operating Systems: Linux distributions using grub2 (RHEL, Fedora, Ubuntu, etc.)
Default Config Vulnerable: ⚠️ Yes
Notes: Requires secure boot to be enabled for full impact; systems without secure boot are less severely affected.

📦 What is this software?

grub2 (GNU GRUB 2) is the bootloader most Linux distributions use to load the kernel. On UEFI systems with Secure Boot enabled it runs as a signed stage of the boot chain, typically loaded by shim, and is expected to verify what it loads next; that is why a memory-safety bug in one of its file parsers, such as the language-file handling described here, matters for boot integrity rather than just for crash resistance.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete secure boot bypass allowing persistent malware installation at boot time, potentially leading to full system compromise and persistence across reboots.

🟠

Likely Case

Local privilege escalation or secure boot bypass requiring physical access or administrative privileges to modify boot configuration.

🟢

If Mitigated

Limited impact if secure boot is disabled or systems are physically secured with restricted boot media access.

🌐 Internet-Facing: LOW - Requires local access or ability to modify boot configuration, not directly exploitable over network.
🏢 Internal Only: MEDIUM - Could be exploited by malicious insiders or attackers with physical access to boot media.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires ability to modify boot configuration or language files, typically needing local access or administrative privileges.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check specific distribution updates (e.g., Red Hat RHSA-2025:20532)

Vendor Advisory: https://access.redhat.com/errata/RHSA-2025:20532

Restart Required: Yes

Instructions:

  1. Update the grub2 package via the package manager.
  2. Regenerate the grub configuration.
  3. Reboot the system to apply the changes.

🔧 Temporary Workarounds

Disable secure boot (platform: linux)

Reduces impact by removing the secure boot bypass capability. Note that the command below asks shim to stop validating the next boot stage rather than turning off the firmware's Secure Boot setting; it takes effect only after a reboot and confirmation at the MokManager prompt.

sudo mokutil --disable-validation

Restrict boot media access (platform: all)

Prevents unauthorized modification of boot configuration:

  • Configure BIOS/UEFI password protection
  • Physically secure systems

🧯 If You Can't Patch

  • Implement strict physical security controls to prevent unauthorized boot media access
  • Disable secure boot if not required for compliance

🔍 How to Verify

Check if Vulnerable:

Check grub2 package version against vendor advisories

Check Version:

rpm -q grub2 (RHEL) or dpkg -l grub2 (Debian/Ubuntu)

Verify Fix Applied:

Confirm that the installed grub2 package is at the patched version named in your distribution's advisory, and record the secure boot status.
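The check above, as an added example that is not part of this page or of the grub2 project: a POSIX shell script that reads the installed grub2 version-release, compares it against the fixed build from your distribution's advisory, and classifies the Secure Boot state from mokutil's output. The fixed build is not stated on this page, so the script reads it from the FIXED_GRUB2_VR environment variable; the package name grub2-common, the use of rpm/dpkg-query/mokutil, and the simplified version comparison are all assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the advisory or grub2): verify grub2 patch level
# and Secure Boot state. Assumptions: rpm or dpkg-query is the package tool,
# the package is named grub2-common, mokutil reports the Secure Boot state,
# and FIXED_GRUB2_VR holds the fixed version-release from your advisory.

# Return 0 if $1 consists only of digits.
is_num() { case $1 in ''|*[!0-9]*) return 1 ;; *) return 0 ;; esac; }

# Return 0 when version string $1 is >= $2. Epoch ':', release '-' and '_'
# are treated as separators; segments compare numerically when both are
# numeric, otherwise lexically. A strict prefix sorts lower (2.06 < 2.06.1).
# This is a simplified rpmvercmp; prefer rpmdev-vercmp or
# `dpkg --compare-versions` for exact distribution semantics.
vercmp_ge() {
    a=$(printf '%s.' "$1" | tr ':_-' '...')
    b=$(printf '%s.' "$2" | tr ':_-' '...')
    i=1
    while :; do
        sa=$(printf '%s' "$a" | cut -d. -f"$i")
        sb=$(printf '%s' "$b" | cut -d. -f"$i")
        if [ -z "$sa" ] && [ -z "$sb" ]; then return 0; fi   # identical
        if [ -z "$sa" ]; then return 1; fi                    # a is a prefix of b
        if [ -z "$sb" ]; then return 0; fi                    # b is a prefix of a
        if is_num "$sa" && is_num "$sb"; then
            [ "$sa" -gt "$sb" ] && return 0
            [ "$sa" -lt "$sb" ] && return 1
        else
            [ "$sa" \> "$sb" ] && return 0
            [ "$sa" \< "$sb" ] && return 1
        fi
        i=$((i + 1))
    done
}

# Map the text printed by `mokutil --sb-state` to a short state word.
# "validation is disabled in shim" is what mokutil prints after
# --disable-validation has been applied and confirmed at reboot.
sb_state() {
    case $1 in
        *"validation is disabled in shim"*) printf 'enabled-shim-validation-off\n' ;;
        *"SecureBoot enabled"*)             printf 'enabled\n' ;;
        *"SecureBoot disabled"*)            printf 'disabled\n' ;;
        *)                                  printf 'unknown\n' ;;
    esac
}

# Print the installed grub2 version-release (epoch:version-release on rpm
# systems), or nothing if the package or the package tool is missing.
installed_vr() {
    if command -v rpm >/dev/null 2>&1; then
        rpm -q --qf '%{EVR}\n' grub2-common 2>/dev/null || true
    elif command -v dpkg-query >/dev/null 2>&1; then
        dpkg-query -W -f '${Version}\n' grub2-common 2>/dev/null || true
    fi
}

main() {
    vr=$(installed_vr)
    if [ -z "$vr" ]; then
        echo "grub2 package not found (no rpm/dpkg, or a different package name)"
    elif [ -z "${FIXED_GRUB2_VR:-}" ]; then
        echo "installed grub2: $vr (set FIXED_GRUB2_VR to the advisory's fixed build to compare)"
    elif vercmp_ge "$vr" "$FIXED_GRUB2_VR"; then
        echo "installed grub2 $vr is at or above fixed build $FIXED_GRUB2_VR"
    else
        echo "installed grub2 $vr is OLDER than fixed build $FIXED_GRUB2_VR: update and reboot"
    fi
    if command -v mokutil >/dev/null 2>&1; then
        echo "secure boot: $(sb_state "$(mokutil --sb-state 2>&1 || true)")"
    else
        echo "secure boot: unknown (mokutil not installed)"
    fi
}
main
```

Run it as `FIXED_GRUB2_VR='<fixed build from your advisory>' sh check-grub2.sh`. A package that is merely at the same upstream version as a fixed build is not enough evidence, because distributions backport the fix into the release field; that is why the comparison covers the full version-release rather than the upstream version alone.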

📡 Detection & Monitoring

Log Indicators:

  • Unexpected grub configuration changes
  • Secure boot violation logs

Network Indicators:

  • Not network exploitable

SIEM Query:

Search for grub configuration file modifications or secure boot events
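One concrete form of the "grub configuration file modifications" search above, as an added example that is not part of this page: auditd watch rules for the files GRUB reads at boot, plus a small shell filter that pulls the matching records out of an audit log. The paths are typical RHEL/Fedora defaults and the audit key name grub_change is chosen here; both are assumptions, and the sample records are constructed rather than captured from a real system.

```shell
#!/bin/sh
# Added example (not from the advisory): auditd watch rules for GRUB files and
# a filter for the records they produce. Assumptions: RHEL/Fedora-style paths,
# a key name of grub_change, and constructed sample records.

# Watch rules: save under /etc/audit/rules.d/grub.rules and run `augenrules --load`.
# A -w watch on a directory covers its whole subtree, so /boot/grub2/ also
# covers the locale/ directory holding the .mo language files this CVE concerns.
GRUB_AUDIT_RULES='-w /boot/grub2/ -p wa -k grub_change
-w /boot/efi/EFI/ -p wa -k grub_change
-w /etc/default/grub -p wa -k grub_change'

# Return 0 if a single audit record carries the grub_change key or names a
# GRUB-related path (PATH records do not repeat the key, so both are checked).
is_grub_record() {
    case $1 in
        *'key="grub_change"'*) return 0 ;;
        *'name="/boot/grub2/'*|*'name="/boot/efi/EFI/'*|*'name="/etc/default/grub"'*) return 0 ;;
    esac
    return 1
}

# Read audit records on stdin and print only those that touch GRUB files.
grub_records() {
    while IFS= read -r line; do
        if is_grub_record "$line"; then printf '%s\n' "$line"; fi
    done
}

# Count the matching records in the text given as $1 (one record per line).
count_grub_records() {
    printf '%s\n' "$1" | grub_records | wc -l | tr -d ' '
}

# Constructed sample records in audit.log format (not real captures):
# a write to grub.cfg, a new .mo language file, and two unrelated events.
SAMPLE_AUDIT_LOG='type=SYSCALL msg=audit(1700000000.101:901): arch=c000003e syscall=257 success=yes exit=3 comm="vi" exe="/usr/bin/vi" key="grub_change"
type=PATH msg=audit(1700000000.101:901): item=1 name="/boot/grub2/grub.cfg" nametype=NORMAL
type=PATH msg=audit(1700000000.102:902): item=1 name="/boot/grub2/locale/en@quot.mo" nametype=CREATE
type=PATH msg=audit(1700000001.250:903): item=0 name="/var/log/messages" nametype=NORMAL
type=USER_LOGIN msg=audit(1700000002.000:904): pid=1200 uid=0 res=success'

main() {
    echo "# audit rules to install:"
    printf '%s\n' "$GRUB_AUDIT_RULES"
    echo "# GRUB-related records in the sample log:"
    printf '%s\n' "$SAMPLE_AUDIT_LOG" | grub_records
    echo "# total: $(count_grub_records "$SAMPLE_AUDIT_LOG")"
}
main
```

On a live system the same filter runs as `grub_records < /var/log/audit/audit.log`, or the key alone can be queried with `ausearch -k grub_change`. Changes to these paths are expected during a legitimate grub2 update and grub.cfg regeneration, so correlate hits with package-manager activity (the SYSCALL record's exe and comm fields) before treating them as suspicious.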
