Red Hat alert RHSA-2025:6990-01 (grub2)
An update for grub2 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. Security Fix(es): * grub2: reader/jpeg: Heap OOB Write during JPEG parsing (CVE-2024-45774) * grub2: commands/extcmd: Missing check for failed allocation (CVE-2024-45775) * grub2: grub-core/gettext: Integer overflow leads to Heap OOB Write and Read. (CVE-2024-45776) * grub2: fs/ufs: OOB write in the heap (CVE-2024-45781) * grub2: fs/hfs+: refcount can be decremented twice (CVE-2024-45783) * grub2: command/gpg: Use-after-free due to hooks not being removed on module unload (CVE-2025-0622) * grub2: UFS: Integer overflow may lead to heap based out-of-bounds write when handling symlinks (CVE-2025-0677) * grub2: read: Integer overflow may lead to out-of-bounds write (CVE-2025-0690) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 9 Release Notes linked from the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.Original: https://access.redhat.com/security/data/csaf/v2/advisories/2025/rhsa-2025_6990.json