Astra Linux – Vulnerability in grub2

A vulnerability related to operations after freeing memory has been discovered in GRUB’s gettext module. This flaw arises from a programming error where the gettext command remains registered in memory even after its associated module is unloaded. An attacker can exploit this condition by invokin...

Astra Linux – Vulnerability in grub2

A flaw was discovered in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a module that serves as a dependency without checking whether any other dependent modules are still loaded, leading to a “use-after-free” scenario. This could allow arbitrary code to be...

RockyLinux 9 : grub2 (RLSA-2026:4760)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:4760 advisory. grub2: Missing unregister call for gettext command may lead to use-after-free CVE-2025-61662 Tenable has extracted the preceding description block directly from t...

RockyLinux 10 : grub2 (RLSA-2026:4649)

The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:4649 advisory. grub2: Missing unregister call for gettext command may lead to use-after-free CVE-2025-61662 Tenable has extracted the preceding description block directly from...

RockyLinux 9 : grub2 (RLSA-2025:20532)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:20532 advisory. grub2: grub-core/gettext: Integer overflow leads to Heap OOB Write. CVE-2024-45777 Tenable has extracted the preceding description block directly from the...

grub2 security update

An update is available for grub2. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The grub2 packages provide version 2 of the Grand Unified Boot Loader GRUB, a...

RLSA-2025:20532 Moderate: grub2 security update

The grub2 packages provide version 2 of the Grand Unified Boot Loader GRUB, a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. Security Fixes: grub2:...

grub2 security update

An update is available for grub2. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The grub2 packages provide version 2 of the Grand Unified Boot Loader GRUB, a...

RLSA-2026:4648 Moderate: grub2 security update

The grub2 packages provide version 2 of the Grand Unified Boot Loader GRUB, a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. Security Fixes: grub2: Missing...

CLSA-2026-1779370563 grub2: Fix of CVE-2025-0677

CVE-2025-0677: UFS: Integer overflow may lead to heap based out-of-bounds write when handling symlinks...

Important: Red Hat Security Advisory: OpenShift Container Platform 4.17.54 bug fix and security update

Red Hat OpenShift Container Platform release 4.17.54 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.17. Red Hat Product Security has rated this update as having a...

Astra Linux - уязвимость в grub2

A heap out-of-bounds write may occur during the handling of Huffman tables in the PNG reader. This may lead to data corruption in the heap space. The impacts on confidentiality, integrity, and availability are considered low, as it is very complex for an attacker to control the encoding and...

Astra Linux - уязвимость в grub2

A crafted 16-bit grayscale PNG image may lead to an out-of-bounds write in the heap area. An attacker may exploit this to cause heap data corruption or, ultimately, arbitrary code execution and circumvent secure boot protections. This issue is highly complex to exploit; an attacker needs to perfo...

Important: Red Hat Security Advisory: OpenShift Container Platform 4.15.64 bug fix and security update

Red Hat OpenShift Container Platform release 4.15.64 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.15. Red Hat Product Security has rated this update as having a...

Important: Red Hat Security Advisory: OpenShift Container Platform 4.14.65 bug fix and security update

Red Hat OpenShift Container Platform release 4.14.65 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.14. Red Hat Product Security has rated this update as having a...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: grub2 (UTSA-2026-017477)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017477 advisory. A flaw was found in grub2 in versions prior to 2.06. During USB device initialization, descriptors are read with very little bounds checking and assumes the USB devi...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: grub2 (UTSA-2026-017487)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017487 advisory. A flaw was found in grub2 in versions prior to 2.06. The cutmem command does not honor secure boot locking allowing an privileged attacker to remove address ranges...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: grub2 (UTSA-2026-017479)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017479 advisory. A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a module used as a dependency without checking if any other...

Exploit for CVE-2025-0690

CVE-2025-0690: Vulnerabilidad de Desbordamiento de Enteros en...

Astra Linux – Vulnerability in grub2

A flaw was discovered in grub2 in versions prior to 2.06. The Setparamprefix function in the menu rendering code performs a length calculation based on the assumption that expressing a single quoted character would require 3 characters. However, in reality, it requires 4 characters. This allows a...