grub2-common (AlmaLinux:10) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the AlmaLinux:10 package grub2-common, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (6)
CVE-2025-61662 — CVSS 7.8 (high): A Use-After-Free vulnerability has been discovered in GRUB's gettext module. This flaw stems from a programming error where the gettext…
CVE-2024-45776 — CVSS 6.7 (medium): When reading the language .mo file in grub_mofile_open(), grub2 fails to verify an integer overflow when allocating its internal buffer. A…
CVE-2024-45781 — CVSS 6.7 (medium): A flaw was found in grub2. When reading a symbolic link's name from a UFS filesystem, grub2 fails to validate the string length taken as an…
CVE-2025-0622 — CVSS 6.4 (medium): A flaw was found in command/gpg. In some scenarios, hooks created by loaded modules are not removed when the related module is unloaded…
CVE-2025-0677 — CVSS 6.4 (medium): A flaw was found in grub2. When performing a symlink lookup, the grub's UFS module checks the inode's data size to allocate the internal…
CVE-2025-1118 — CVSS 4.4 (medium): A flaw was found in grub2. Grub's dump command is not blocked when grub is in lockdown mode, which allows the user to read any memory…