1736 matches found
CVE-2025-61663 Grub2: missing unregister call for normal commands may lead to use-after-free
A vulnerability has been identified in the GRUB2 bootloader's normal command that poses an immediate Denial of Service (DoS) risk. This flaw is a Use-after-Free issue, caused because the normal command is not properly unregistered when the module is unloaded. An attacker who can execute this comman...
CVE-2025-61664
A vulnerability in the GRUB2 bootloader has been identified in the normal module. This flaw, a memory Use After Free issue, occurs because the normal_exit command is not properly unregistered when its related module is unloaded. An attacker can exploit this condition by invoking the command after...
CVE-2025-61663
A vulnerability has been identified in the GRUB2 bootloader's normal command that poses an immediate Denial of Service (DoS) risk. This flaw is a Use-after-Free issue, caused because the normal command is not properly unregistered when the module is unloaded. An attacker who can execute this comman...
CVE-2025-61661
A vulnerability has been identified in the GRUB (Grand Unified Bootloader) component. This flaw occurs because the bootloader mishandles string conversion when reading information from a USB device, allowing an attacker to exploit inconsistent length values. A local attacker can connect a malicious...
CVE-2025-61661
CVE-2025-61661 affects the GRUB2 bootloader. The vulnerability stems from the USB string conversion handling, allowing a local attacker with a malicious USB device connected during boot to trigger inconsistent length values, potentially crashing GRUB (DoS) and possibly causing data corruption (im...
CVE-2025-61661 Grub2: grub2: out-of-bounds write via malicious usb device
A vulnerability has been identified in the GRUB (Grand Unified Bootloader) component. This flaw occurs because the bootloader mishandles string conversion when reading information from a USB device, allowing an attacker to exploit inconsistent length values. A local attacker can connect a malicious...
CVE-2025-54771
Concrete details available: CVE-2025-54771 is a use-after-free in GRUB2's file-closing path. The flaw arises when grub_file_close() fails to drop the fs refcount, leaving a stale pointer to a filesystem structure. Exploitation could cause GRUB to crash, yielding Denial of Service; data integrity/...
CVE-2025-54771
A use-after-free vulnerability has been identified in GNU GRUB (Grand Unified Bootloader). The flaw occurs because the file-closing process incorrectly retains a memory pointer, leaving an invalid reference to a file system structure. An attacker could exploit this vulnerability to cause grub t...
CVE-2025-54770
A vulnerability has been identified in the GRUB2 bootloader's network module that poses an immediate Denial of Service (DoS) risk. This flaw is a Use-after-Free issue, caused because the net_set_vlan command is not properly unregistered when the network module is unloaded from memory. An attacker who...
PT-2025-47380
Name of the Vulnerable Software and Affected Versions: GRUB (affected versions not specified). Description: A Use-After-Free issue exists in GRUB's gettext module. This occurs because the gettext command remains registered in memory after its module is unloaded. Exploitation involves invoking the...
PT-2025-47382
Name of the Vulnerable Software and Affected Versions: GRUB2 (affected versions not specified). Description: A memory Use After Free issue exists in the GRUB2 bootloader's normal module. The problem arises because the normal exit command is not correctly unregistered when its associated module is...
Linux Distros Unpatched Vulnerability : CVE-2025-54770
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - A vulnerability has been identified in the GRUB2 bootloader's network module that poses an immediate Denial of Service (DoS) risk. This flaw is a Use-after-Free...
PT-2025-47376
Name of the Vulnerable Software and Affected Versions: GRUB2 (affected versions not specified). Description: A flaw exists in the GRUB2 bootloader’s network module that can lead to a Denial of Service (DoS). This is a Use-after-Free issue stemming from improper unregistration of the net set vlan command...
GNU GRUB Security Vulnerability
GNU GRUB is a Linux system boot program from the GNU community. A security vulnerability exists in GNU GRUB. It stems from the gettext module being used after it has been freed, and could lead to a denial of service or data disclosure...
Linux Distros Unpatched Vulnerability : CVE-2025-61663
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - A vulnerability has been identified in the GRUB2 bootloader's normal command that poses an immediate Denial of Service (DoS) risk. This flaw is a Use-after-Free...
PT-2025-47381
Name of the Vulnerable Software and Affected Versions: GRUB2 Bootloader (affected versions not specified). Description: A Use-after-Free issue exists in the GRUB2 bootloader’s normal command. The flaw occurs because the normal command is not properly unregistered when the module is unloaded. An attack...
CVE-2025-35968
Protection mechanism failure in the UEFI firmware for the Slim Bootloader within firmware may allow an escalation of privilege. Startup code and smm adversary with a privileged user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-990740)
"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990740 advisory. In the Linux kernel, the following vulnerability has been resolved: ext4: zero i_disksize when initializing the bootloader inode. If the boot loader inode has never...
EUVD-2025-93472
Protection mechanism failure in the UEFI firmware for the Slim Bootloader within firmware may allow an escalation of privilege. Startup code and smm adversary with a privileged user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via...