CVE-2024-56737

Description

GNU GRUB (aka GRUB2) through 2.12 has a heap-based buffer overflow in fs/hfs.c via crafted sblock data in an HFS filesystem.

Risk Information

Base Score: 8.8 (MODERATE)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score (Exploitation Probability): 0.149

Associated Vulnerability

Vulnerability | OS Platform
SUSE-SU-2025:0586-1 (Basesystem Module 15-SP6) grub2-2.12-150600.8.18.2.x86_64.rpm | Linux
SUSE-SU-2025:0586-1 (Server Applications Module 15-SP6) grub2-x86_64-xen-2.12-150600.8.18.2.noarch.rpm | Linux
SUSE-SU-2025:0586-1 (Basesystem Module 15-SP6) grub2-x86_64-efi-2.12-150600.8.18.2.noarch.rpm | Linux
SUSE-SU-2025:0586-1 (Basesystem Module 15-SP6) grub2-systemd-sleep-plugin-2.12-150600.8.18.2.noarch.rpm | Linux
SUSE-SU-2025:0586-1 (Basesystem Module 15-SP6) grub2-snapper-plugin-2.12-150600.8.18.2.noarch.rpm | Linux
SUSE-SU-2025:0586-1 (Basesystem Module 15-SP6) grub2-i386-pc-2.12-150600.8.18.2.noarch.rpm | Linux
SUSE-SU-2025:0586-1 (Basesystem Module 15-SP6) grub2-debugsource-2.12-150600.8.18.2.x86_64.rpm | Linux
SUSE-SU-2025:0586-1 (Basesystem Module 15-SP6) grub2-debuginfo-2.12-150600.8.18.2.x86_64.rpm | Linux
grub2 Security Update (ALAS-2025-847) grub2-tools-minimal-2.06-61.amzn2023.0.14.x86_64.rpm | Linux
grub2 Security Update (ALAS-2025-847) grub2-tools-extra-2.06-61.amzn2023.0.14.x86_64.rpm | Linux
grub2 Security Update (ALAS-2025-847) grub2-tools-efi-2.06-61.amzn2023.0.14.x86_64.rpm | Linux
grub2 Security Update (ALAS-2025-847) grub2-tools-2.06-61.amzn2023.0.14.x86_64.rpm | Linux
grub2 Security Update (ALAS-2025-847) grub2-pc-modules-2.06-61.amzn2023.0.14.noarch.rpm | Linux
grub2 Security Update (ALAS-2025-847) grub2-pc-2.06-61.amzn2023.0.14.x86_64.rpm | Linux
grub2 Security Update (ALAS-2025-847) grub2-emu-modules-2.06-61.amzn2023.0.14.x86_64.rpm | Linux
grub2 Security Update (ALAS-2025-847) grub2-emu-2.06-61.amzn2023.0.14.x86_64.rpm | Linux
grub2 Security Update (ALAS-2025-847) grub2-efi-x64-modules-2.06-61.amzn2023.0.14.noarch.rpm | Linux
grub2 Security Update (ALAS-2025-847) grub2-efi-x64-ec2-2.06-61.amzn2023.0.14.x86_64.rpm | Linux
grub2 Security Update (ALAS-2025-847) grub2-efi-x64-cdboot-2.06-61.amzn2023.0.14.x86_64.rpm | Linux
grub2 Security Update (ALAS-2025-847) grub2-efi-x64-2.06-61.amzn2023.0.14.x86_64.rpm | Linux
grub2 Security Update (ALAS-2025-847) grub2-efi-aa64-modules-2.06-61.amzn2023.0.14.noarch.rpm | Linux
grub2 Security Update (ALAS-2025-847) grub2-common-2.06-61.amzn2023.0.14.noarch.rpm | Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234