CVE-2024-45779: 
Alma Linux vulnerability analysis and mitigation

An integer overflow vulnerability (CVE-2024-45779) was discovered in the BFS file system driver of GRUB2. The vulnerability affects GRUB2 versions from 2.12 and was disclosed on February 18, 2025. The flaw occurs when reading a file with an indirect extent map, where GRUB2 fails to validate the number of extent entries to be read (NVD, Debian Tracker).

The vulnerability is caused by an integer overflow in the BFS file system driver's file reading functionality. When processing a file with an indirect extent map, the driver fails to properly validate the number of extent entries, leading to a heap out-of-bounds read condition. The vulnerability has been assigned a CVSS v3.1 base score of 4.1 (MEDIUM) with the vector string CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N, indicating local access requirements and high privileges needed for exploitation (NVD, GRUB Devel).

The exploitation of this vulnerability can lead to sensitive data leakage or cause GRUB2 to crash. When a crafted or corrupted BFS filesystem is processed, the integer overflow during file reading can result in unauthorized access to memory contents through heap out-of-bounds read operations (NVD, Security Online).

The vulnerability has been fixed in GRUB2 version 2.12-7 for Debian systems. Full mitigation requires an updated shim with the latest SBAT (Secure Boot Advanced Targeting) data. Vendors are advised to update their GRUB2 packages and associated boot artifacts. The fix involves proper validation of extent entries when reading BFS filesystems (Debian Tracker, GRUB Devel).

The vulnerability was disclosed as part of a larger security update addressing multiple GRUB2 vulnerabilities. The disclosure was coordinated with major Linux distributions and vendors to ensure synchronized patching and mitigation efforts. The security community has noted this as part of a proactive hardening effort in the GRUB2 codebase (Security Online).