Gnu Grub2
11 CVEs affecting Gnu Grub2. Latest disclosed: 2025-11-18. Critical: 0, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2022-2601 | High | 8.6 | 2022-12-14 | A buffer overflow was found in grub_font_construct_glyph(). A maliciously crafted pf2 font can lead to an overflow when calculating the max_glyph_size value, all… |
| CVE-2025-61662 | High | 7.8 | 2025-11-18 | A Use-After-Free vulnerability has been discovered in GRUB's gettext module. This flaw stems from a programming error where the gettext command remains registe… |
| CVE-2015-8370 | High | 7.4 | 2015-12-16 | Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication, obtain sensitive information, or cause a… |
| CVE-2022-3775 | High | 7.1 | 2022-12-19 | When rendering certain unicode sequences, grub2's font code doesn't properly validate if the informed glyph's width and height is constrained within bitmap size… |
| CVE-2025-61664 | Medium | 4.9 | 2025-11-18 | A vulnerability in the GRUB2 bootloader has been identified in the normal module. This flaw, a memory Use After Free issue, occurs because the normal_exit comm… |
| CVE-2025-54771 | Medium | 4.9 | 2025-11-18 | A use-after-free vulnerability has been identified in the GNU GRUB (Grand Unified Bootloader). The flaw occurs because the file-closing process incorrectly ret… |
| CVE-2025-54770 | Medium | 4.9 | 2025-11-18 | A vulnerability has been identified in the GRUB2 bootloader's network module that poses an immediate Denial of Service (DoS) risk. This flaw is a Use-after-Fre… |
| CVE-2025-61663 | Medium | 4.9 | 2025-11-18 | A vulnerability has been identified in the GRUB2 bootloader's normal command that poses an immediate Denial of Service (DoS) risk. This flaw is a Use-after-Fre… |
| CVE-2025-61661 | Medium | 4.8 | 2025-11-18 | A vulnerability has been identified in the GRUB (Grand Unified Bootloader) component. This flaw occurs because the bootloader mishandles string conversion when… |
| CVE-2024-56738 | | | 2024-12-29 | GNU GRUB (aka GRUB2) through 2.12 does not use a constant-time algorithm for grub_crypto_memcmp and thus allows side-channel attacks. |
| CVE-2024-56737 | | | 2024-12-29 | GNU GRUB (aka GRUB2) through 2.12 has a heap-based buffer overflow in fs/hfs.c via crafted sblock data in an HFS filesystem. |