grub2-tools-extra (AlmaLinux:9) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the AlmaLinux:9 package grub2-tools-extra, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (25)
CVE-2022-2601 — CVSS 8.6 (high): A buffer overflow was found in grub_font_construct_glyph(). A malicious crafted pf2 font can lead to an overflow when calculating the…
CVE-2022-28734 — CVSS 8.1 (high): Out-of-bounds write when handling split HTTP headers; When handling split HTTP headers, GRUB2 HTTP code accidentally moves its internal…
CVE-2022-28733 — CVSS 8.1 (high): Integer underflow in grub_net_recv_ip4_packets; A malicious crafted IP packet can lead to an integer underflow in grub_net_recv_ip4_packets(…
CVE-2025-61662 — CVSS 7.8 (high): A Use-After-Free vulnerability has been discovered in GRUB's gettext module. This flaw stems from a programming error where the gettext…
CVE-2025-0624 — CVSS 7.6 (high): A flaw was found in grub2. During the network boot process, when trying to search for the configuration file, grub copies data from a user…
CVE-2023-4692 — CVSS 7.5 (high): An out-of-bounds write flaw was found in grub2's NTFS filesystem driver. This issue may allow an attacker to present a specially crafted…
CVE-2022-3775 — CVSS 7.1 (high): When rendering certain unicode sequences, grub2's font code doesn't proper validate if the informed glyph's width and height is constrained…
CVE-2021-3697 — CVSS 7.0 (high): A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap. To a…
CVE-2023-4001 — CVSS 6.8 (medium): An authentication bypass flaw was found in GRUB due to the way that GRUB uses the UUID of a device to search for the configuration file…
CVE-2024-45781 — CVSS 6.7 (medium): A flaw was found in grub2. When reading a symbolic link's name from a UFS filesystem, grub2 fails to validate the string length taken as an…
CVE-2022-28735 — CVSS 6.7 (medium): The GRUB2's shim_lock verifier allows non-kernel files to be loaded on shim-powered secure boot systems. Allowing such files to be loaded…
CVE-2024-45774 — CVSS 6.7 (medium): A flaw was found in grub2. A specially crafted JPEG file can cause the JPEG parser of grub2 to incorrectly check the bounds of its internal…
CVE-2024-45776 — CVSS 6.7 (medium): When reading the language .mo file in grub_mofile_open(), grub2 fails to verify an integer overflow when allocating its internal buffer. A…
CVE-2024-45777 — CVSS 6.7 (medium): A flaw was found in grub2. The calculation of the translation buffer when reading a language .mo file in grub_gettext_getstr_from_position()…
CVE-2022-28737 — CVSS 6.5 (medium): There's a possible overflow in handle_image() when shim tries to load and execute crafted EFI executables; The handle_image() function…
CVE-2025-0622 — CVSS 6.4 (medium): A flaw was found in command/gpg. In some scenarios, hooks created by loaded modules are not removed when the related module is unloaded…
CVE-2022-28736 — CVSS 6.4 (medium): There's a use-after-free vulnerability in grub_cmd_chainloader() function; The chainloader command is used to boot up operating systems…
CVE-2025-0677 — CVSS 6.4 (medium): A flaw was found in grub2. When performing a symlink lookup, the grub's UFS module checks the inode's data size to allocate the internal…
CVE-2025-0690 — CVSS 6.1 (medium): The read command is used to read the keyboard input from the user, while reads it keeps the input length in a 32-bit integer value which is…
CVE-2023-4693 — CVSS 5.3 (medium): An out-of-bounds read flaw was found on grub2's NTFS filesystem driver. This issue may allow a physically present attacker to present a…
CVE-2024-45775 — CVSS 5.2 (medium): A flaw was found in grub2 where the grub_extcmd_dispatcher() function calls grub_arg_list_alloc() to allocate memory for the grub's…
CVE-2021-3695 — CVSS 4.5 (medium): A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. An attacker may take advantage of that to cause…
CVE-2021-3696 — CVSS 4.5 (medium): A heap out-of-bounds write may heppen during the handling of Huffman tables in the PNG reader. This may lead to data corruption in the heap…
CVE-2024-45783 — CVSS 4.4 (medium): A flaw was found in grub2. When failing to mount an HFS+ grub, the hfsplus filesystem driver doesn't properly set an ERRNO value. This…
CVE-2024-1048 — CVSS 3.3 (low): A flaw was found in the grub2-set-bootflag utility of grub2. After the fix of CVE-2019-14865, grub2-set-bootflag will create a temporary…