Your message dated Thu, 13 Mar 2025 21:01:01 +0100
with message-id <z9m5fwfhncbcl...@eldamar.lan>
and subject line Re: Accepted grub2 2.12-6 (source) into unstable
has caused the Debian Bug report #1098319,
regarding grub2: CVE-2024-45774 CVE-2024-45775 CVE-2024-45776 CVE-2024-45777 
CVE-2024-45778 CVE-2024-45779 CVE-2024-45780 CVE-2024-45781 CVE-2024-45782 
CVE-2024-45783 CVE-2025-0622 CVE-2025-0624 CVE-2025-0677 CVE-2025-0678 
CVE-2025-0684 CVE-2025-0685 CVE-2025-0686 CVE-2025-0689 CVE-2025-0690 
CVE-2025-1118 CVE-2025-1125
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1098319: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: grub2
Version: 2.12-5
Severity: grave
Tags: upstream security
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerabilities were published for grub2.

CVE-2024-45774[0]:
| A flaw was found in grub2. A specially crafted JPEG file can cause
| the JPEG parser of grub2 to incorrectly check the bounds of its
| internal buffers, resulting in an out-of-bounds write. The
| possibility of overwriting sensitive information to bypass secure
| boot protections is not discarded.


CVE-2024-45775[1]:
| A flaw was found in grub2 where the grub_extcmd_dispatcher()
| function calls grub_arg_list_alloc() to allocate memory for the
| grub's argument list. However, it fails to check in case the memory
| allocation fails. Once the allocation fails, a NULL point will be
| processed by the parse_option() function, leading grub to crash or,
| in some rare scenarios, corrupt the IVT data.


CVE-2024-45776[2]:
| When reading the language .mo file in grub_mofile_open(), grub2
| fails to verify an integer overflow when allocating its internal
| buffer. A crafted .mo file may lead the buffer size calculation to
| overflow, leading to out-of-bound reads and writes. This flaw allows
| an attacker to leak sensitive data or overwrite critical data,
| possibly circumventing secure boot protections.


CVE-2024-45777[3]:
| grub-core/gettext: Integer overflow leads to Heap OOB Write


CVE-2024-45778[4]:
| fs/bfs: Integer overflow in the BFS parser


CVE-2024-45779[5]:
| fs/bfs: Integer overflow leads to Heap OOB Read (Write?) in the
| BFS parser


CVE-2024-45780[6]:
| fs/tar: Integer Overflow causes Heap OOB Write


CVE-2024-45781[7]:
| A flaw was found in grub2. When reading a symbolic link's name from
| a UFS filesystem, grub2 fails to validate the string length taken as
| an input. The lack of validation may lead to a heap out-of-bounds
| write, causing data integrity issues and eventually allowing an
| attacker to circumvent secure boot protections.


CVE-2024-45782[8]:
| fs/hfs: strcpy() using the volume name (fs/hfs.c:382)


CVE-2024-45783[9]:
| A flaw was found in grub2. When failing to mount an HFS+ grub, the
| hfsplus filesystem driver doesn't properly set an ERRNO value. This
| issue may lead to a NULL pointer access.


CVE-2025-0622[10]:
| A flaw was found in command/gpg. In some scenarios, hooks created by
| loaded modules are not removed when the related module is unloaded.
| This flaw allows an attacker to force grub2 to call the hooks once
| the module that registered it was unloaded, leading to a use-after-
| free vulnerability. If correctly exploited, this vulnerability may
| result in arbitrary code execution, eventually allowing the attacker
| to bypass secure boot protections.


CVE-2025-0624[11]:
| net: Out-of-bounds write in grub_net_search_config_file()


CVE-2025-0677[12]:
| UFS: Integer overflow may lead to heap based out-of-bounds write when
| handling symlinks


CVE-2025-0678[13]:
| squash4: Integer overflow may lead to heap based out-of-bounds write
| when reading data


CVE-2025-0684[14]:
| reiserfs: Integer overflow when handling symlinks may lead to heap
| based out-of-bounds write when reading data


CVE-2025-0685[15]:
| jfs: Integer overflow when handling symlinks may lead to heap based
| out-of-bounds write when reading data


CVE-2025-0686[16]:
| romfs: Integer overflow when handling symlinks may lead to heap based
| out-of-bounds write when reading data


CVE-2025-0689[17]:
| udf: Heap based buffer overflow in grub_udf_read_block() may lead to
| arbitrary code execution


CVE-2025-0690[18]:
| read: Integer overflow may lead to out-of-bounds write


CVE-2025-1118[19]:
| commands/dump: The dump command is not in lockdown when secure boot
| is enabled


CVE-2025-1125[20]:
| fs/hfs: Integer overflow may lead to heap based out-of-bounds write


If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-45774
    https://www.cve.org/CVERecord?id=CVE-2024-45774
[1] https://security-tracker.debian.org/tracker/CVE-2024-45775
    https://www.cve.org/CVERecord?id=CVE-2024-45775
[2] https://security-tracker.debian.org/tracker/CVE-2024-45776
    https://www.cve.org/CVERecord?id=CVE-2024-45776
[3] https://security-tracker.debian.org/tracker/CVE-2024-45777
    https://www.cve.org/CVERecord?id=CVE-2024-45777
[4] https://security-tracker.debian.org/tracker/CVE-2024-45778
    https://www.cve.org/CVERecord?id=CVE-2024-45778
[5] https://security-tracker.debian.org/tracker/CVE-2024-45779
    https://www.cve.org/CVERecord?id=CVE-2024-45779
[6] https://security-tracker.debian.org/tracker/CVE-2024-45780
    https://www.cve.org/CVERecord?id=CVE-2024-45780
[7] https://security-tracker.debian.org/tracker/CVE-2024-45781
    https://www.cve.org/CVERecord?id=CVE-2024-45781
[8] https://security-tracker.debian.org/tracker/CVE-2024-45782
    https://www.cve.org/CVERecord?id=CVE-2024-45782
[9] https://security-tracker.debian.org/tracker/CVE-2024-45783
    https://www.cve.org/CVERecord?id=CVE-2024-45783
[10] https://security-tracker.debian.org/tracker/CVE-2025-0622
    https://www.cve.org/CVERecord?id=CVE-2025-0622
[11] https://security-tracker.debian.org/tracker/CVE-2025-0624
    https://www.cve.org/CVERecord?id=CVE-2025-0624
[12] https://security-tracker.debian.org/tracker/CVE-2025-0677
    https://www.cve.org/CVERecord?id=CVE-2025-0677
[13] https://security-tracker.debian.org/tracker/CVE-2025-0678
    https://www.cve.org/CVERecord?id=CVE-2025-0678
[14] https://security-tracker.debian.org/tracker/CVE-2025-0684
    https://www.cve.org/CVERecord?id=CVE-2025-0684
[15] https://security-tracker.debian.org/tracker/CVE-2025-0685
    https://www.cve.org/CVERecord?id=CVE-2025-0685
[16] https://security-tracker.debian.org/tracker/CVE-2025-0686
    https://www.cve.org/CVERecord?id=CVE-2025-0686
[17] https://security-tracker.debian.org/tracker/CVE-2025-0689
    https://www.cve.org/CVERecord?id=CVE-2025-0689
[18] https://security-tracker.debian.org/tracker/CVE-2025-0690
    https://www.cve.org/CVERecord?id=CVE-2025-0690
[19] https://security-tracker.debian.org/tracker/CVE-2025-1118
    https://www.cve.org/CVERecord?id=CVE-2025-1118
[20] https://security-tracker.debian.org/tracker/CVE-2025-1125
    https://www.cve.org/CVERecord?id=CVE-2025-1125
[21] https://www.openwall.com/lists/oss-security/2025/02/18/3
[22] https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
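As an added illustration of the pattern shared by the symlink-length overflows above (UFS, reiserfs, jfs, romfs, hfs) and the missing allocation check in CVE-2024-45775, not code from the GRUB project: the unchecked size computation next to a checked one. It assumes a 32-bit grub_size_t (as on i386 builds) and GCC/Clang overflow builtins; `bsize_t`, `read_symlink` and the metadata area are constructed for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for grub_size_t on a 32-bit build (i386-pc), where
 * a length field read from disk plus a small constant can wrap to zero. */
typedef uint32_t bsize_t;

/* Vulnerable pattern: the length comes straight from on-disk metadata and
 * the "+ 1" for the NUL terminator is not checked, so 0xFFFFFFFF + 1 == 0.
 * The resulting zero-byte buffer is then written with the full length. */
static bsize_t unchecked_symlink_buf_size(bsize_t on_disk_len)
{
    return on_disk_len + 1;
}

/* Hardened pattern: compute count * elem_size + header with overflow
 * detection and refuse the request when any step wraps. */
static bool checked_buf_size(bsize_t count, bsize_t elem_size,
                             bsize_t header, bsize_t *out)
{
    bsize_t body, total;
    if (__builtin_mul_overflow(count, elem_size, &body))
        return false;
    if (__builtin_add_overflow(body, header, &total))
        return false;
    *out = total;
    return true;
}

/* Simulated symlink read over a constructed metadata area: rejects a
 * claimed length that wraps or exceeds the area, and checks the
 * allocation result (the missing check behind CVE-2024-45775). */
static char *read_symlink(const uint8_t *area, bsize_t area_len,
                          bsize_t claimed_len)
{
    bsize_t need;
    if (!checked_buf_size(claimed_len, 1, 1, &need))
        return NULL;                      /* length would wrap */
    if (claimed_len > area_len)
        return NULL;                      /* length exceeds metadata */
    char *name = malloc(need);
    if (name == NULL)
        return NULL;                      /* allocation failed */
    memcpy(name, area, claimed_len);
    name[claimed_len] = '\0';
    return name;
}
```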
--- Begin Message ---
Source: grub2
Source-Version: 2.12-6

Fixes as well #1098319.  Closing manually.

Regards,
Salvatore

On Thu, Mar 13, 2025 at 12:34:25PM +0000, Debian FTP Masters wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
> 
> Format: 1.8
> Date: Sat, 15 Feb 2025 17:17:14 +0000
> Source: grub2
> Architecture: source
> Version: 2.12-6
> Distribution: unstable
> Urgency: medium
> Maintainer: GRUB Maintainers <pkg-grub-de...@alioth-lists.debian.net>
> Changed-By: Mate Kukri <mate.ku...@canonical.com>
> Closes: 1034905 1035052
> Changes:
>  grub2 (2.12-6) unstable; urgency=medium
>  .
>    [ Mate Kukri ]
>    * Fix out of bounds XSDT access, re-enable ACPI SPCR table support
>  .
>    [ Miroslav Kure ]
>    * Updated Czech translation of grub debconf messages. (Closes: #1035052)
>  .
>    [ Viktar Siarheichyk ]
>    * Updated Belarusian translation. (Closes: #1034905)
>  .
>    [ Carles Pina i Estany ]
>    * Update translation
>  .
>    [ Felix Zielcke ]
>    * Move d/legacy/* files to grub-legacy.
>    * Remove traces of ../legacy/ dir in d/rules.
>  .
>    [ Mate Kukri ]
>    * Cherry-pick upstream security patches
>    * Bump SBAT level to grub,5
>    * SECURITY UPDATE: video/readers/jpeg: Do not permit duplicate SOF0 
> markers in JPEG
>      - CVE-2024-45774
>    * SECURITY UPDATE: commands/extcmd: Missing check for failed allocation
>      - CVE-2024-45775
>    * SECURITY UPDATE: gettext: Integer overflow leads to heap OOB write or 
> read
>      - CVE-2024-45776
>    * SECURITY UPDATE: gettext: Integer overflow leads to heap OOB write
>      - CVE-2024-45777
>    * SECURITY UPDATE: fs/bfs: Integer overflow
>      - CVE-2024-45778
>    * SECURITY UPDATE: fs/bfs: integer overflow leads to heap OOB read
>      - CVE-2024-45779
>    * SECURITY UPDATE: fs/tar: Integer overflow leads to heap OOB write
>      - CVE-2024-45780
>    * SECURITY UPDATE: fs/ufs: `strcpy` use leading to heap OOB write
>      - CVE-2024-45781
>    * SECURITY UPDATE: fs/hfs: `strcpy` use leading to potential heap OOB write
>      - CVE-2024-45782
>    * SECURITY UPDATE: fs/hfsplus: incorrect refcount handling leading to UAF
>      - CVE-2024-45783
>    * SECURITY UPDATE: command/gpg: Use-after-free due to hooks not being 
> removed on module unload
>      - CVE-2025-0622
>    * SECURITY UPDATE: net: Out-of-bounds write in 
> grub_net_search_config_file()
>      - CVE-2025-0624
>    * SECURITY UPDATE: UFS: Integer overflow may lead to heap based 
> out-of-bounds write when handling symlinks
>      - CVE-2025-0677
>    * SECURITY UPDATE: squash4: Integer overflow may lead to heap based 
> out-of-bounds write when reading data
>      - CVE-2025-0678
>    * SECURITY UPDATE: reiserfs: Integer overflow when handling symlinks may 
> lead to heap based out-of-bounds write when reading data
>      - CVE-2025-0684
>    * SECURITY UPDATE: jfs: Integer overflow when handling symlinks may lead 
> to heap based out-of-bounds write when reading data
>      - CVE-2025-0685
>    * SECURITY UPDATE: romfs: Integer overflow when handling symlinks may lead 
> to heap based out-of-bounds write when reading data
>      - CVE-2025-0686
>    * SECURITY UPDATE: udf: Heap based buffer overflow in 
> grub_udf_read_block() may lead to arbitrary code execution
>      - CVE-2025-0689
>    * SECURITY UPDATE: read: Integer overflow may lead to out-of-bounds write
>      - CVE-2025-0690
>    * SECURITY UPDATE: commands/dump: The dump command is not in lockdown when 
> secure boot is enabled
>      - CVE-2025-1118
>    * SECURITY UPDATE: fs/hfs: Integer overflow may lead to heap based 
> out-of-bounds write
>      - CVE-2025-1125
>    * SECURITY UPDATE: insmod: incorrect refcount handling leading to UAF [LP: 
> #2055835]
> 
> 
> 

--- End Message ---