CVE-2024-45778: 
Alma Linux vulnerability analysis and mitigation

A stack overflow vulnerability (CVE-2024-45778) was discovered in the BFS (Boot File System) parser of GRUB2. The vulnerability was disclosed on March 3, 2025, affecting GRUB2 versions from 2.12 and various Red Hat Enterprise Linux distributions. This flaw occurs when reading a BFS file system and could potentially lead to system crashes (NVD, CVE).

The vulnerability is classified as an Integer Overflow or Wraparound (CWE-190) with a CVSS v3.1 base score of 5.5 (Medium) according to NIST, and 4.1 (Medium) according to Red Hat. The CVSS vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, indicating local access requirements with low attack complexity and privilege requirements (NVD).

When exploited, this vulnerability can cause an uncontrolled loop in GRUB2, leading to system crashes. The impact is primarily focused on availability, with no direct effect on confidentiality or integrity of the system (NVD, Red Hat).

The vulnerability has been fixed in GRUB2 version 2.12-7 for Debian systems. Ubuntu's Secure Boot implementation is not affected by this vulnerability in the grub2 package, though grub2-unsigned contains related security fixes (Ubuntu, Debian).