CVE-2025-1118
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-1118
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-1118.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-1118
- Related
- Published
- 2025-02-19T18:15:24Z
- Modified
- 2025-02-19T19:47:20.643957Z
- Severity
-
- 4.4 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
A flaw was found in grub2. Grub's dump command is not blocked when grub is in lockdown mode, which allows the user to read any memory information, and an attacker may leverage this in order to extract signatures, salts, and other sensitive information from the memory.
- References
Affected packages
Debian:11 / grub2
Package
- Name
- grub2
- Purl
- pkg:deb/debian/grub2?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
2.*
2.04-20
2.06-1
2.06-2
2.06-2+hurd.1
2.06-2+hurd.2
2.06-2+hurd.3
2.06-2+hurd.4
2.06-2+hurd.5
2.06-2+hurd.6
2.06-2+hurd.7
2.06-2+hurd.8
2.06-3~deb10u1
2.06-3~deb10u2
2.06-3~deb10u3
2.06-3~deb10u4
2.06-3~deb11u1
2.06-3~deb11u2
2.06-3~deb11u4
2.06-3~deb11u5
2.06-3~deb11u6
2.06-3
2.06-4
2.06-4+hurd.1
2.06-5
2.06-6
2.06-7
2.06-8
2.06-8+hurd.1
2.06-8.1
2.06-9
2.06-10
2.06-11
2.06-12
2.06-13
2.06-13+hurd.1
2.06-13+hurd.2
2.06-14
2.12~rc1-1
2.12~rc1-2
2.12~rc1-3
2.12~rc1-6
2.12~rc1-7
2.12~rc1-8
2.12~rc1-9
2.12~rc1-10
2.12~rc1-11
2.12~rc1-12
2.12~rc1-13
2.12-1~bpo12+1
2.12-1
2.12-1.1
2.12-2~deb13u1
2.12-2
2.12-3
2.12-4
2.12-5
2.12-5+hurd.1
Debian:12 / grub2
Package
- Name
- grub2
- Purl
- pkg:deb/debian/grub2?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Debian:13 / grub2
Package
- Name
- grub2
- Purl
- pkg:deb/debian/grub2?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected