CVE-2024-45778

4.1 MEDIUM

📋 TL;DR

A stack overflow vulnerability in GRUB2's BFS filesystem parser allows an attacker to crash the bootloader by providing a specially crafted BFS filesystem. This affects systems using GRUB2 with BFS support, potentially disrupting boot processes. The vulnerability requires local access or control over boot media.

💻 Affected Systems

Products:
  • GRUB2
Versions: All versions with BFS support (specific vulnerable versions not detailed in references)
Operating Systems: Linux distributions using GRUB2 (RHEL, Fedora, Ubuntu, etc.)
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems where GRUB2 attempts to read BFS filesystems; many systems may not use BFS by default.

⚠️ Risk & Real-World Impact

🔴 Worst Case

System fails to boot, requiring physical intervention or recovery media, leading to denial of service and potential data loss if filesystem corruption occurs.

🟠 Likely Case

GRUB2 crashes during boot when loading a malicious BFS filesystem, causing boot failure that requires manual recovery.

🟢 If Mitigated

Limited impact with proper access controls preventing unauthorized boot media usage; systems continue normal operation.

🌐 Internet-Facing: LOW - Requires local access to boot media or filesystem; not remotely exploitable.
🏢 Internal Only: MEDIUM - Malicious local users or compromised systems could exploit via boot media, but requires physical/administrative access.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM - Requires crafting malicious BFS filesystem and getting system to read it during boot.

Exploitation requires control over boot media/filesystem; no known public exploits at time of analysis.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor advisories for specific patched versions

Vendor Advisory: https://access.redhat.com/security/cve/CVE-2024-45778

Restart Required: Yes

Instructions:

1. Check vendor advisory for your distribution.
2. Update GRUB2 package via package manager.
3. Regenerate GRUB configuration.
4. Reboot system.

🔧 Temporary Workarounds

Disable BFS module (linux)

Remove or disable BFS filesystem support in GRUB2 to prevent parsing of malicious BFS filesystems.

# Remove BFS module from GRUB configuration
# Edit /etc/default/grub or GRUB modules directory

Secure boot media (all)

Restrict physical and administrative access to boot devices to prevent malicious BFS filesystem introduction.

🧯 If You Can't Patch

  • Implement strict access controls to prevent unauthorized boot media usage
  • Monitor for boot failures and maintain recovery media for affected systems

🔍 How to Verify

Check if Vulnerable:

Check GRUB2 version and compare against vendor patched versions; examine if BFS module is loaded.

Check Version:

grub2-install --version (RHEL/Fedora) or grub-install --version (Debian/Ubuntu)
rpm -qa 'grub2*' (RHEL/Fedora) / dpkg -l 'grub*' (Debian/Ubuntu)

Verify Fix Applied:

Verify GRUB2 package version matches patched version from vendor advisory; test boot process.
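
An added example, not taken from the advisory or from GRUB: a POSIX shell helper for the "examine if BFS module is loaded" check above. It assumes the driver ships as a file named `bfs.mod` and that GRUB's files sit under the directories you pass (for example `/boot`); the function names are illustrative.

```shell
#!/bin/sh
# Added example: locate GRUB's BFS driver on disk and in grub.cfg files.
# Assumptions: the driver file is named bfs.mod, and GRUB files live under
# the directories given as arguments (for example /boot and /usr/lib/grub).

# Print every bfs.mod found below the given directories, one per line.
find_bfs_modules() (
    for root in "$@"; do
        [ -d "$root" ] || continue
        find "$root" -type f -name 'bfs.mod' 2>/dev/null || true
    done | sort
)

# Print "file:line:text" for each explicit "insmod bfs" in any grub.cfg.
# Commented-out lines and longer module names (e.g. "bfsx") do not match.
find_bfs_insmod() (
    for root in "$@"; do
        [ -d "$root" ] || continue
        find "$root" -type f -name 'grub.cfg' 2>/dev/null || true
    done | sort | while IFS= read -r cfg; do
        # /dev/null as a second file makes grep prefix the file name.
        grep -nE '^[[:space:]]*insmod[[:space:]]+bfs([[:space:]]|$)' \
            "$cfg" /dev/null || true
    done
)

# Summarise: "loaded" if a config loads the module explicitly, "available"
# if only the module file exists, "absent" if neither was found.
bfs_status() (
    if [ -n "$(find_bfs_insmod "$@")" ]; then
        echo loaded
    elif [ -n "$(find_bfs_modules "$@")" ]; then
        echo available
    else
        echo absent
    fi
)

# Run a scan only when directories are given on the command line.
if [ "$#" -gt 0 ]; then
    echo "BFS driver status: $(bfs_status "$@")"
    find_bfs_modules "$@"
    find_bfs_insmod "$@"
fi
```

Treat `available` as exposed, since GRUB can load filesystem drivers on demand. A result of `absent` does not rule out a prebuilt GRUB image with the driver embedded, so the package version check remains the authoritative test.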

📡 Detection & Monitoring

Log Indicators:

  • GRUB boot failures in system logs
  • Kernel panic messages during boot

Network Indicators:

  • Not network exploitable; no network indicators

SIEM Query:

Search for 'GRUB error' OR 'boot failure' OR 'kernel panic' in system logs during boot sequence
