AZL-56937

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-56937.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-56937

Upstream

CVE-2024-45775

Published

2025-02-18T20:15:19Z

Modified

2026-04-01T05:19:00.206023Z

Summary

CVE-2024-45775 affecting package grub2 for versions less than 2.06-15

Details

A flaw was found in grub2 where the grubextcmddispatcher() function calls grubarglistalloc() to allocate memory for the grub's argument list. However, it fails to check in case the memory allocation fails. Once the allocation fails, a NULL point will be processed by the parseoption() function, leading grub to crash or, in some rare scenarios, corrupt the IVT data.

References

https://nvd.nist.gov/vuln/detail/CVE-2024-45775

Affected packages

Azure Linux:2 / grub2

Package

Name: grub2
Purl: pkg:rpm/azure-linux/grub2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.06-15

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-56937.json"