CVE-2024-56737
CVE-2024-56737
In short
GNU GRUB version 2.12 and earlier has a memory overflow vulnerability in its HFS filesystem handler. An attacker can crash or potentially take control of the boot process by creating a malicious HFS disk with specially crafted data.
Technical detail
Heap-based buffer overflow in fs/hfs.c triggered during parsing of superblock data in HFS filesystems. Attack vector requires local access to craft malicious HFS media; impact includes denial of service and potential code execution at boot-time privilege level.
Summary generated and translated by AI from the official description.
GNU GRUB (aka GRUB2) through 2.12 has a heap-based buffer overflow in fs/hfs.c via crafted sblock data in an HFS filesystem.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
GNU · GRUB2Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://savannah.gnu.org/bugs/?66599