AZL-57049

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-57049.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-57049

Upstream

CVE-2025-0624

Published

2025-02-19T19:15:15Z

Modified

2026-04-01T05:19:01.109792Z

Summary

CVE-2025-0624 affecting package grub2 for versions less than 2.06-24

Details

A flaw was found in grub2. During the network boot process, when trying to search for the configuration file, grub copies data from a user controlled environment variable into an internal buffer using the grub_strcpy() function. During this step, it fails to consider the environment variable length when allocating the internal buffer, resulting in an out-of-bounds write. If correctly exploited, this issue may result in remote code execution through the same network segment grub is searching for the boot information, which can be used to by-pass secure boot protections.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-0624

Affected packages

Azure Linux:3 / grub2

Package

Name: grub2
Purl: pkg:rpm/azure-linux/grub2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.06-24

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-57049.json"