grub2-2.02-162.el8_10.ML.1

エラータID: AXSA:2025-9832:02

Release date: 
Monday, April 7, 2025 - 10:53
Subject: 
grub2-2.02-162.el8_10.ML.1
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.

Security Fix(es):

* grub2: net: Out-of-bounds write in grub_net_search_config_file() (CVE-2025-0624)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2025-0624
A flaw was found in grub2. During the network boot process, when trying to search for the configuration file, grub copies data from a user controlled environment variable into an internal buffer using the grub_strcpy() function. During this step, it fails to consider the environment variable length when allocating the internal buffer, resulting in an out-of-bounds write. If correctly exploited, this issue may result in remote code execution through the same network segment grub is searching for the boot information, which can be used to by-pass secure boot protections.

Solution: 

Update packages.

CVEs: 
CVE-2025-0624
A flaw was found in grub2. During the network boot process, when trying to search for the configuration file, grub copies data from a user controlled environment variable into an internal buffer using the grub_strcpy() function. During this step, it fails to consider the environment variable length when allocating the internal buffer, resulting in an out-of-bounds write. If correctly exploited, this issue may result in remote code execution through the same network segment grub is searching for the boot information, which can be used to by-pass secure boot protections.
Additional Info: 

N/A

Download: 

SRPMS
  1. grub2-2.02-162.el8_10.ML.1.src.rpm
    MD5: 6007c509fed9a9b4c5412da45e511623
    SHA-256: bd725ec939a1e4625b044c8898a1c705cdafc975a808d6324a40ba665c615b4b
    Size: 7.91 MB

Asianux Server 8 for x86_64
  1. grub2-common-2.02-162.el8_10.ML.1.noarch.rpm
    MD5: e26d91ce07f360f6787d08d86199fe66
    SHA-256: cbf9cded08a9f93583d72385fb9a243abbeccaa452cbae97c89b51d741e2c786
    Size: 896.22 kB
  2. grub2-efi-ia32-2.02-162.el8_10.ML.1.x86_64.rpm
    MD5: cd6a877e96378e5de4d0b5be78979a22
    SHA-256: d205aaf8f1b9c8a09f342ec2818cf0861bdcf2d34f20ad46e2b52df503812f11
    Size: 448.34 kB
  3. grub2-efi-ia32-cdboot-2.02-162.el8_10.ML.1.x86_64.rpm
    MD5: 069857106066f97b6ee3670b0676b2d7
    SHA-256: ce9af844622fb92c21c8b7ed03cdbd3d53fac77fd382d5d0225750b2253db93c
    Size: 1.21 MB
  4. grub2-efi-ia32-modules-2.02-162.el8_10.ML.1.noarch.rpm
    MD5: 44d950b497018a0388df1ed08a4e89f8
    SHA-256: 4575e8c0baa5882ea313e32c5f136063fe56c5f957d8af742d4a74979291f4de
    Size: 1.06 MB
  5. grub2-efi-x64-2.02-162.el8_10.ML.1.x86_64.rpm
    MD5: 43f45e553daf1c2dc23dcb2d870bd1ba
    SHA-256: 39b2668a94b891f977329d498557a12a5044541e6f3dd821466d60954e3200d9
    Size: 472.27 kB
  6. grub2-efi-x64-cdboot-2.02-162.el8_10.ML.1.x86_64.rpm
    MD5: 1c85af6963a5667028dc8b44b1172df1
    SHA-256: ef62d5d832a972be27ce0518600f3cfa5480085a38791d12a61ee60151ddb193
    Size: 1.23 MB
  7. grub2-efi-x64-modules-2.02-162.el8_10.ML.1.noarch.rpm
    MD5: fafdb194c0aa9fa8be77a014fecd2a14
    SHA-256: e25053e473f400d50aa1e05b6c4a7cdeb4184a1769471e82082aca62be1a9f77
    Size: 1.08 MB
  8. grub2-pc-2.02-162.el8_10.ML.1.x86_64.rpm
    MD5: 07d5cb66cc354e6be3611b1f92ebd7a8
    SHA-256: ff88b6abaf51007545af6718d90d0810c4d6829317f068516c9fd237618fa42e
    Size: 46.54 kB
  9. grub2-pc-modules-2.02-162.el8_10.ML.1.noarch.rpm
    MD5: 02b9145ca309e0e4d8dce79e625a28c3
    SHA-256: 20745d72eb5c5d5d3620be9103eee072d2803603230ebe059ab8a881e26e819d
    Size: 927.89 kB
  10. grub2-tools-2.02-162.el8_10.ML.1.x86_64.rpm
    MD5: b5fb3304aca968450b26264e54cc7b2b
    SHA-256: 9c0ce16c4c957c07b4dd12c0a24453b7c23c69d462ec374eb5e39ac89c97c10a
    Size: 1.99 MB
  11. grub2-tools-efi-2.02-162.el8_10.ML.1.x86_64.rpm
    MD5: 88bb7e29e6470e2cd75c6fcb17719744
    SHA-256: 4fabd18dd1a1044209497e52aff3fd77b75ab81a6f1882e5a423bf24f25fff05
    Size: 485.38 kB
  12. grub2-tools-extra-2.02-162.el8_10.ML.1.x86_64.rpm
    MD5: d8778064dc9b50be8abe1b501b3b5038
    SHA-256: 45a390499c7df3808707a883504b429aa6bfd8e1c2dbc459807240fa7ef714c1
    Size: 1.09 MB
  13. grub2-tools-minimal-2.02-162.el8_10.ML.1.x86_64.rpm
    MD5: 833fdbeb84cb3a3ba0b19078fb0d335d
    SHA-256: d80a1bf9d777dee74dd8ca94ff5c3dea8ab17d62310f4149fbb259a91fff5d9f
    Size: 215.07 kB