ALSA-2025:6990

See a problem?
Please try reporting it to the source first.
Source
https://errata.almalinux.org/9/ALSA-2025-6990.html
Import Source
https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2025:6990.json
JSON Data
https://api.test.osv.dev/v1/vulns/ALSA-2025:6990
Related
Published
2025-05-13T00:00:00Z
Modified
2025-07-02T13:49:48Z
Summary
Moderate: grub2 security update
Details

The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.

Security Fix(es):

  • grub2: reader/jpeg: Heap OOB Write during JPEG parsing (CVE-2024-45774)
  • grub2: commands/extcmd: Missing check for failed allocation (CVE-2024-45775)
  • grub2: grub-core/gettext: Integer overflow leads to Heap OOB Write and Read. (CVE-2024-45776)
  • grub2: fs/ufs: OOB write in the heap (CVE-2024-45781)
  • grub2: fs/hfs+: refcount can be decremented twice (CVE-2024-45783)
  • grub2: command/gpg: Use-after-free due to hooks not being removed on module unload (CVE-2025-0622)
  • grub2: UFS: Integer overflow may lead to heap based out-of-bounds write when handling symlinks (CVE-2025-0677)
  • grub2: read: Integer overflow may lead to out-of-bounds write (CVE-2025-0690)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinuxRelease Notes linked from the References section.

References

Affected packages

AlmaLinux:9 / grub2-common

Package

Name
grub2-common
Purl
pkg:rpm/almalinux/grub2-common

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:2.06-104.el9_6.alma.1

AlmaLinux:9 / grub2-efi-aa64

Package

Name
grub2-efi-aa64
Purl
pkg:rpm/almalinux/grub2-efi-aa64

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:2.06-104.el9_6.alma.1

AlmaLinux:9 / grub2-efi-aa64-cdboot

Package

Name
grub2-efi-aa64-cdboot
Purl
pkg:rpm/almalinux/grub2-efi-aa64-cdboot

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:2.06-104.el9_6.alma.1

AlmaLinux:9 / grub2-efi-aa64-modules

Package

Name
grub2-efi-aa64-modules
Purl
pkg:rpm/almalinux/grub2-efi-aa64-modules

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:2.06-104.el9_6.alma.1

AlmaLinux:9 / grub2-efi-x64

Package

Name
grub2-efi-x64
Purl
pkg:rpm/almalinux/grub2-efi-x64

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:2.06-104.el9_6.alma.1

AlmaLinux:9 / grub2-efi-x64-cdboot

Package

Name
grub2-efi-x64-cdboot
Purl
pkg:rpm/almalinux/grub2-efi-x64-cdboot

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:2.06-104.el9_6.alma.1

AlmaLinux:9 / grub2-efi-x64-modules

Package

Name
grub2-efi-x64-modules
Purl
pkg:rpm/almalinux/grub2-efi-x64-modules

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:2.06-104.el9_6.alma.1

AlmaLinux:9 / grub2-pc

Package

Name
grub2-pc
Purl
pkg:rpm/almalinux/grub2-pc

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:2.06-104.el9_6.alma.1

AlmaLinux:9 / grub2-pc-modules

Package

Name
grub2-pc-modules
Purl
pkg:rpm/almalinux/grub2-pc-modules

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:2.06-104.el9_6.alma.1

AlmaLinux:9 / grub2-ppc64le

Package

Name
grub2-ppc64le
Purl
pkg:rpm/almalinux/grub2-ppc64le

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:2.06-104.el9_6.alma.1

AlmaLinux:9 / grub2-ppc64le-modules

Package

Name
grub2-ppc64le-modules
Purl
pkg:rpm/almalinux/grub2-ppc64le-modules

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:2.06-104.el9_6.alma.1

AlmaLinux:9 / grub2-tools

Package

Name
grub2-tools
Purl
pkg:rpm/almalinux/grub2-tools

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:2.06-104.el9_6.alma.1

AlmaLinux:9 / grub2-tools-efi

Package

Name
grub2-tools-efi
Purl
pkg:rpm/almalinux/grub2-tools-efi

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:2.06-104.el9_6.alma.1

AlmaLinux:9 / grub2-tools-extra

Package

Name
grub2-tools-extra
Purl
pkg:rpm/almalinux/grub2-tools-extra

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:2.06-104.el9_6.alma.1

AlmaLinux:9 / grub2-tools-minimal

Package

Name
grub2-tools-minimal
Purl
pkg:rpm/almalinux/grub2-tools-minimal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:2.06-104.el9_6.alma.1