Nixpkgs security tracker

Login with GitHub

⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestion detail

Untriaged

Permalink CVE-2025-0689

6.4 MEDIUM

CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): HIGH
Privileges required (PR): HIGH
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

created 3 months ago

Grub2: udf: heap based buffer overflow in grub_udf_read_block() may lead to arbitrary code execution

When reading data from disk, the grub's UDF filesystem module utilizes the user controlled data length metadata to allocate its internal buffers. In certain scenarios, while iterating through disk sectors, it assumes the read size from the disk is always smaller than the allocated buffer size which is not guaranteed. A crafted filesystem image may lead to a heap-based buffer overflow resulting in critical data to be corrupted, resulting in the risk of arbitrary code execution by-passing secure boot protections.

References

https://access.redhat.com/security/cve/CVE-2025-0689 vdb-entryx_refsource_REDHAT
RHBZ#2346122 x_refsource_REDHATissue-tracking
https://access.redhat.com/security/cve/CVE-2025-0689 vdb-entryx_refsource_REDHAT
RHBZ#2346122 x_refsource_REDHATissue-tracking
https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
https://access.redhat.com/security/cve/CVE-2025-0689 vdb-entryx_refsource_REDHAT
RHBZ#2346122 x_refsource_REDHATissue-tracking
https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
https://access.redhat.com/security/cve/CVE-2025-0689 vdb-entryx_refsource_REDHAT
RHBZ#2346122 x_refsource_REDHATissue-tracking
https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
https://access.redhat.com/security/cve/CVE-2025-0689 vdb-entryx_refsource_REDHAT
RHBZ#2346122 x_refsource_REDHATissue-tracking
https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
https://access.redhat.com/security/cve/CVE-2025-0689 vdb-entryx_refsource_REDHAT
RHBZ#2346122 x_refsource_REDHATissue-tracking
https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
https://access.redhat.com/security/cve/CVE-2025-0689 vdb-entryx_refsource_REDHAT
RHBZ#2346122 x_refsource_REDHATissue-tracking
https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html

Affected products

grub2

=<2.12

rhcos

Matching in nixpkgs

pkgs.grub2_pvgrub_image

PvGrub2 image for booting PV Xen guests

nixos-25.11 -
- nixpkgs-25.11-darwin

pkgs.grub2_pvhgrub_image

PvGrub2 image for booting PVH Xen guests

nixos-25.11 -
- nixpkgs-25.11-darwin

Package maintainers

@hehongbo Hongbo
@CertainLach Yaroslav Bolyukin <iam@lach.pw>
@digitalrane Rane <rane+git@junkyard.systems>
@SigmaSquadron Fernando Rodrigues <alpha@sigmasquadron.net>