CVE-2024-45783: 
Linux Debian vulnerability analysis and mitigation

A flaw was discovered in grub2's HFS+ filesystem driver (CVE-2024-45783). When failing to mount an HFS+ filesystem, the hfsplus filesystem driver doesn't properly set an ERRNO value, which can lead to a NULL pointer access. The vulnerability was disclosed on February 18, 2025, and affects various Linux distributions including Red Hat and Debian (NVD, Red Hat CVE).

The vulnerability has been assigned a CVSS v3.1 Base Score of 4.4 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H. The issue specifically occurs in the filesystem driver's error handling routine where a failure to properly set an ERRNO value can result in a NULL pointer access (OSS Security).

The vulnerability primarily affects system availability, with no direct impact on confidentiality or integrity. The NULL pointer access could lead to system crashes or instability when attempting to mount HFS+ filesystems (NVD).

A fix has been released in the Debian sid version 2.12-7. Other distributions are in various states of addressing the vulnerability. For Debian systems, the vulnerability affects multiple releases including bullseye, bookworm, and trixie, with only sid currently having a fixed version (Debian Security).