摘要:
grub2 security update
安全等级: High
公告ID: KylinSec-SA-2025-2596
发布日期: 2025年8月26日
关联CVE: CVE-2024-45779 CVE-2024-56737 CVE-2025-0677 CVE-2024-45774 CVE-2025-0624 CVE-2025-1125 CVE-2024-45780 CVE-2024-45778 CVE-2025-0622
GNU GRUB is a Multiboot boot loader. It was derived from GRUB, the GRand Unified Bootloader, which was originally designed and implemented by Erich Stefan Boleyn.
Security Fix(es):
A flaw was found in grub2. A specially crafted JPEG file can cause the JPEG parser of grub2 to incorrectly check the bounds of its internal buffers, resulting in an out-of-bounds write. The possibility of overwriting sensitive information to bypass secure boot protections is not discarded.(CVE-2024-45774)
A stack overflow flaw was found when reading a BFS file system. A crafted BFS filesystem may lead to an uncontrolled loop, causing grub2 to crash.(CVE-2024-45778)
An integer overflow flaw was found in the BFS file system driver in grub2. When reading a file with an indirect extent map, grub2 fails to validate the number of extent entries to be read. A crafted or corrupted BFS filesystem may cause an integer overflow during the file reading, leading to a heap of bounds read. As a consequence, sensitive data may be leaked, or grub2 will crash.(CVE-2024-45779)
A flaw was found in grub2. When reading tar files, grub2 allocates an internal buffer for the file name. However, it fails to properly verify the allocation against possible integer overflows. It's possible to cause the allocation length to overflow with a crafted tar file, leading to a heap out-of-bounds write. This flaw eventually allows an attacker to circumvent secure boot protections.(CVE-2024-45780)
GNU GRUB (aka GRUB2) through 2.12 has a heap-based buffer overflow in fs/hfs.c via crafted sblock data in an HFS filesystem.(CVE-2024-56737)
A flaw was found in command/gpg. In some scenarios, hooks created by loaded modules are not removed when the related module is unloaded. This flaw allows an attacker to force grub2 to call the hooks once the module that registered it was unloaded, leading to a use-after-free vulnerability. If correctly exploited, this vulnerability may result in arbitrary code execution, eventually allowing the attacker to bypass secure boot protections.(CVE-2025-0622)
A flaw was found in grub2. During the network boot process, when trying to search for the configuration file, grub copies data from a user controlled environment variable into an internal buffer using the grub_strcpy() function. During this step, it fails to consider the environment variable length when allocating the internal buffer, resulting in an out-of-bounds write. If correctly exploited, this issue may result in remote code execution through the same network segment grub is searching for the boot information, which can be used to by-pass secure boot protections.(CVE-2025-0624)
A flaw was found in grub2. When performing a symlink lookup, the grub's UFS module checks the inode's data size to allocate the internal buffer to read the file content, however, it fails to check if the symlink data size has overflown. When this occurs, grub_malloc() may be called with a smaller value than needed. When further reading the data from the disk into the buffer, the grub_ufs_lookup_symlink() function will write past the end of the allocated size. An attack can leverage this by crafting a malicious filesystem, and as a result, it will corrupt data stored in the heap, allowing for arbitrary code execution used to by-pass secure boot mechanisms.(CVE-2025-0677)
When reading data from a hfs filesystem, grub's hfs filesystem module uses user-controlled parameters from the filesystem metadata to calculate the internal buffers size, however it misses to properly check for integer overflows. A maliciouly crafted filesystem may lead some of those buffer size calculation to overflow, causing it to perform a grub_malloc() operation with a smaller size than expected. As a result the hfsplus_open_compressed_real() function will write past of the internal buffer length. This flaw may be leveraged to corrupt grub's internal critical data and may result in arbitrary code execution by-passing secure boot protections.(CVE-2025-1125)
| cve名称 | 产品 | 组件 | 是否受影响 |
|---|---|---|---|
| CVE-2024-45779 | KY3.5.3 | grub2 | Fixed |
| CVE-2024-56737 | KY3.5.3 | grub2 | Fixed |
| CVE-2025-0677 | KY3.5.3 | grub2 | Fixed |
| CVE-2024-45774 | KY3.5.3 | grub2 | Fixed |
| CVE-2025-0624 | KY3.5.3 | grub2 | Fixed |
| CVE-2025-1125 | KY3.5.3 | grub2 | Fixed |
| CVE-2024-45780 | KY3.5.3 | grub2 | Fixed |
| CVE-2024-45778 | KY3.5.3 | grub2 | Fixed |
| CVE-2025-0622 | KY3.5.3 | grub2 | Fixed |
| 软件名称 | 架构 | 版本号 |
|---|---|---|
| grub2-common | noarch | 2.06-52.ky3_5.kb1 |
| grub2-efi-aa64-modules | noarch | 2.06-52.ky3_5.kb1 |
| grub2-efi-ia32-modules | noarch | 2.06-52.ky3_5.kb1 |
| grub2-efi-x64-modules | noarch | 2.06-52.ky3_5.kb1 |
| grub2-help | noarch | 2.06-52.ky3_5.kb1 |
| grub2-pc-modules | noarch | 2.06-52.ky3_5.kb1 |
| grub2-efi-ia32 | x86_64 | 2.06-52.ky3_5.kb1 |
| grub2-efi-ia32-cdboot | x86_64 | 2.06-52.ky3_5.kb1 |
| grub2-efi-x64 | x86_64 | 2.06-52.ky3_5.kb1 |
| grub2-efi-x64-cdboot | x86_64 | 2.06-52.ky3_5.kb1 |
| grub2-pc | x86_64 | 2.06-52.ky3_5.kb1 |
| grub2-tools | x86_64 | 2.06-52.ky3_5.kb1 |
| grub2-tools-efi | x86_64 | 2.06-52.ky3_5.kb1 |
| grub2-tools-extra | x86_64 | 2.06-52.ky3_5.kb1 |
| grub2-tools-minimal | x86_64 | 2.06-52.ky3_5.kb1 |
| grub2-efi-aa64 | aarch64 | 2.06-52.ky3_5.kb1 |
| grub2-efi-aa64-cdboot | aarch64 | 2.06-52.ky3_5.kb1 |
| grub2-tools | aarch64 | 2.06-52.ky3_5.kb1 |
| grub2-tools-extra | aarch64 | 2.06-52.ky3_5.kb1 |
| grub2-tools-minimal | aarch64 | 2.06-52.ky3_5.kb1 |
方法一:下载安装包进行升级安装
1、通过下载链接下载需要升级的升级包保存,如 xxx.rpm
2、通过rpm命令升级,如 rpm -Uvh xxx.rpm
方法二:通过软件源进行升级安装
1、保持能够连接上互联网
2、通过yum命令升级指定的包,如 yum install 包名
