CVE-2025-0690

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-0690

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-0690.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-0690

Downstream

BELL-CVE-2025-0690

DEBIAN-CVE-2025-0690

OESA-2025-1216

OESA-2025-1217

OESA-2025-1218

OESA-2025-1291

OESA-2025-1292

RHSA-2025:6990

RLSA-2025:6990

SUSE-SU-2025:0586-1

SUSE-SU-2025:0587-1

SUSE-SU-2025:0588-1

SUSE-SU-2025:0607-1

SUSE-SU-2025:0629-1

UBUNTU-CVE-2025-0690

openSUSE-SU-2025:14822-1

Related

Withdrawn

2026-01-27T04:19:54.525487Z

Published

2025-02-24T08:15:09Z

Modified

2026-01-27T04:19:54.525487Z

Summary

[none]

Details

The read command is used to read the keyboard input from the user, while reads it keeps the input length in a 32-bit integer value which is further used to reallocate the line buffer to accept the next character. During this process, with a line big enough it's possible to make this variable to overflow leading to a out-of-bounds write in the heap based buffer. This flaw may be leveraged to corrupt grub's internal critical data and secure boot bypass is not discarded as consequence.

References

Affected packages