Detections
Analytics

Amazon Linux 2023 : grub2-common, grub2-efi-aa64, grub2-efi-aa64-cdboot (ALAS2023-2025-937)

high Nessus Plugin ID 234335

Synopsis

The remote Amazon Linux 2023 host is missing a security update.

Description

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-937 advisory.

 A flaw was found in grub2. A specially crafted JPEG file can cause the JPEG parser of grub2 to incorrectly check the bounds of its internal buffers, resulting in an out-of-bounds write. The possibility of overwriting sensitive information to bypass secure boot protections is not discarded. (CVE-2024-45774)

 A flaw was found in grub2 where the grub_extcmd_dispatcher() function calls grub_arg_list_alloc() to allocate memory for the grub's argument list. However, it fails to check in case the memory allocation fails. Once the allocation fails, a NULL point will be processed by the parse_option() function, leading grub to crash or, in some rare scenarios, corrupt the IVT data. (CVE-2024-45775)

 When reading the language .mo file in grub_mofile_open(), grub2 fails to verify an integer overflow when allocating its internal buffer. A crafted .mo file may lead the buffer size calculation to overflow, leading to out-of-bound reads and writes. This flaw allows an attacker to leak sensitive data or overwrite critical data, possibly circumventing secure boot protections. (CVE-2024-45776)

 A flaw was found in grub2. The calculation of the translation buffer when reading a language .mo file in grub_gettext_getstr_from_position() may overflow, leading to a Out-of-bound write. This issue can be leveraged by an attacker to overwrite grub2's sensitive heap data, eventually leading to the circumvention of secure boot protections. (CVE-2024-45777)

 grub2: fs/bfs: Integer overflow in the BFS parser. (CVE-2024-45778)

 grub2: fs/bfs: Integer overflow leads to Heap OOB Read in the BFS parser (CVE-2024-45779)

 grub2: fs/tar: Integer Overflow causes Heap OOB Write (CVE-2024-45780)

 A flaw was found in grub2. When reading a symbolic link's name from a UFS filesystem, grub2 fails to validate the string length taken as an input. The lack of validation may lead to a heap out-of-bounds write, causing data integrity issues and eventually allowing an attacker to circumvent secure boot protections. (CVE-2024-45781)

 grub2: fs/hfs: strcpy() using the volume name (fs/hfs.c:382) (CVE-2024-45782)

 A flaw was found in grub2. When failing to mount an HFS+ grub, the hfsplus filesystem driver doesn't properly set an ERRNO value. This issue may lead to a NULL pointer access. (CVE-2024-45783)

 A flaw was found in command/gpg. In some scenarios, hooks created by loaded modules are not removed when the related module is unloaded. This flaw allows an attacker to force grub2 to call the hooks once the module that registered it was unloaded, leading to a use-after-free vulnerability. If correctly exploited, this vulnerability may result in arbitrary code execution, eventually allowing the attacker to bypass secure boot protections. (CVE-2025-0622)

 A flaw was found in grub2. During the network boot process, when trying to search for the configuration file, grub copies data from a user controlled environment variable into an internal buffer using the grub_strcpy() function. During this step, it fails to consider the environment variable length when allocating the internal buffer, resulting in an out-of-bounds write. If correctly exploited, this issue may result in remote code execution through the same network segment grub is searching for the boot information, which can be used to by-pass secure boot protections. (CVE-2025-0624)

 A flaw was found in grub2. When performing a symlink lookup, the grub's UFS module checks the inode's data size to allocate the internal buffer to read the file content, however, it fails to check if the symlink data size has overflown. When this occurs, grub_malloc() may be called with a smaller value than needed.
 When further reading the data from the disk into the buffer, the grub_ufs_lookup_symlink() function will write past the end of the allocated size. An attack can leverage this by crafting a malicious filesystem, and as a result, it will corrupt data stored in the heap, allowing for arbitrary code execution used to by-pass secure boot mechanisms. (CVE-2025-0677)

 grub2: squash4: Integer overflow may lead to heap based out-of-bounds write when reading data (CVE-2025-0678)

 grub2: reiserfs: Integer overflow when handling symlinks may lead to heap based out-of-bounds write when reading data (CVE-2025-0684)

 grub2: jfs: Integer overflow when handling symlinks may lead to heap based out-of-bounds write when reading data (CVE-2025-0685)

 grub2: romfs: Integer overflow when handling symlinks may lead to heap based out-of-bounds write when reading dat (CVE-2025-0686)

 grub2: udf: Heap based buffer overflow in grub_udf_read_block() may lead to arbitrary code execution (CVE-2025-0689)

 The read command is used to read the keyboard input from the user, while reads it keeps the input length in a 32-bit integer value which is further used to reallocate the line buffer to accept the next character. During this process, with a line big enough it's possible to make this variable to overflow leading to a out-of-bounds write in the heap based buffer. This flaw may be leveraged to corrupt grub's internal critical data and secure boot bypass is not discarded as consequence. (CVE-2025-0690)

 A flaw was found in grub2. Grub's dump command is not blocked when grub is in lockdown mode, which allows the user to read any memory information, and an attacker may leverage this in order to extract signatures, salts, and other sensitive information from the memory. (CVE-2025-1118)

 grub2: fs/hfs: Integer overflow may lead to heap based out-of-bounds write (CVE-2025-1125)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Run 'dnf update grub2 --releasever 2023.7.20250414' to update your system.

See Also

https://alas.aws.amazon.com/AL2023/ALAS-2025-937.html

https://alas.aws.amazon.com/cve/html/CVE-2024-45774.html

https://alas.aws.amazon.com/cve/html/CVE-2024-45775.html

https://alas.aws.amazon.com/cve/html/CVE-2024-45776.html

https://alas.aws.amazon.com/cve/html/CVE-2024-45777.html

https://alas.aws.amazon.com/cve/html/CVE-2024-45778.html

https://alas.aws.amazon.com/cve/html/CVE-2024-45779.html

https://alas.aws.amazon.com/cve/html/CVE-2024-45780.html

https://alas.aws.amazon.com/cve/html/CVE-2024-45781.html

https://alas.aws.amazon.com/cve/html/CVE-2024-45782.html

https://alas.aws.amazon.com/cve/html/CVE-2024-45783.html

https://alas.aws.amazon.com/cve/html/CVE-2025-0622.html

https://alas.aws.amazon.com/cve/html/CVE-2025-0624.html

https://alas.aws.amazon.com/cve/html/CVE-2025-0677.html

https://alas.aws.amazon.com/cve/html/CVE-2025-0678.html

https://alas.aws.amazon.com/cve/html/CVE-2025-0684.html

https://alas.aws.amazon.com/cve/html/CVE-2025-0685.html

https://alas.aws.amazon.com/cve/html/CVE-2025-0686.html

https://alas.aws.amazon.com/cve/html/CVE-2025-0689.html

https://alas.aws.amazon.com/cve/html/CVE-2025-0690.html

https://alas.aws.amazon.com/cve/html/CVE-2025-1118.html

https://alas.aws.amazon.com/cve/html/CVE-2025-1125.html

https://alas.aws.amazon.com/faqs.html

Plugin Details

Severity: High

ID: 234335

File Name: al2023_ALAS2023-2025-937.nasl

Version: 1.1

Type: local

Agent: unix

Published: 4/14/2025

Updated: 4/14/2025

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.1

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2025-0678

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:amazon:linux:grub2-debuginfo, p-cpe:/a:amazon:linux:grub2-efi-x64-cdboot, p-cpe:/a:amazon:linux:grub2-efi-aa64, p-cpe:/a:amazon:linux:grub2-tools-efi, p-cpe:/a:amazon:linux:grub2-efi-aa64-modules, p-cpe:/a:amazon:linux:grub2-efi-aa64-ec2, p-cpe:/a:amazon:linux:grub2-debugsource, p-cpe:/a:amazon:linux:grub2-emu, p-cpe:/a:amazon:linux:grub2-tools-extra, p-cpe:/a:amazon:linux:grub2-efi-aa64-cdboot, p-cpe:/a:amazon:linux:grub2-efi-x64-modules, p-cpe:/a:amazon:linux:grub2-pc-modules, p-cpe:/a:amazon:linux:grub2-tools-minimal-debuginfo, p-cpe:/a:amazon:linux:grub2-tools-extra-debuginfo, p-cpe:/a:amazon:linux:grub2-efi-x64, p-cpe:/a:amazon:linux:grub2-emu-debuginfo, p-cpe:/a:amazon:linux:grub2-common, p-cpe:/a:amazon:linux:grub2-tools-debuginfo, cpe:/o:amazon:linux:2023, p-cpe:/a:amazon:linux:grub2-pc, p-cpe:/a:amazon:linux:grub2-tools-minimal, p-cpe:/a:amazon:linux:grub2-tools, p-cpe:/a:amazon:linux:grub2-tools-efi-debuginfo, p-cpe:/a:amazon:linux:grub2-efi-x64-ec2, p-cpe:/a:amazon:linux:grub2-emu-modules

Required KB Items: Host/local_checks_enabled, Host/AmazonLinux/release, Host/AmazonLinux/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 4/9/2025

Vulnerability Publication Date: 4/11/2024

Reference Information

CVE: CVE-2024-45774, CVE-2024-45775, CVE-2024-45776, CVE-2024-45777, CVE-2024-45778, CVE-2024-45779, CVE-2024-45780, CVE-2024-45781, CVE-2024-45782, CVE-2024-45783, CVE-2025-0622, CVE-2025-0624, CVE-2025-0677, CVE-2025-0678, CVE-2025-0684, CVE-2025-0685, CVE-2025-0686, CVE-2025-0689, CVE-2025-0690, CVE-2025-1118, CVE-2025-1125