Description:
The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.
Security Fix(es):
* grub2: grub-core/gettext: Integer overflow leads to Heap OOB Write and Read. (CVE-2024-45776)
* grub2: fs/ufs: OOB write in the heap (CVE-2024-45781)
* grub2: command/gpg: Use-after-free due to hooks not being removed on module unload (CVE-2025-0622)
* grub2: UFS: Integer overflow may lead to heap based out-of-bounds write when handling symlinks (CVE-2025-0677)
* grub2: commands/dump: The dump command is not in lockdown when secure boot is enabled (CVE-2025-1118)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
| Architecture | Package | Checksum |
| --- | --- | --- |
| noarch | grub2-common-2.12-15.el10_0.alma.1.noarch.rpm | 10d34fa091dd5509dd851c15e1dcdd6c7267369e34578e39e62c6d8d9a580328 |
| noarch | grub2-efi-aa64-modules-2.12-15.el10_0.alma.1.noarch.rpm | 2685ce5f8ee053b3c923cf8f3f3b35e9bd4a362ccca7d830a5d421414dba3482 |
| noarch | grub2-pc-modules-2.12-15.el10_0.alma.1.noarch.rpm | 9f462d4092a8b459dd2ccf0e90bc78bb6c9bc2e9baa40cd7011ce1701dbb1169 |
| noarch | grub2-efi-x64-modules-2.12-15.el10_0.alma.1.noarch.rpm | b6a5e895111465b5609ddfc06a19983ea21a98ab4e68a41c16565796056a8091 |
| noarch | grub2-ppc64le-modules-2.12-15.el10_0.alma.1.noarch.rpm | bdb7903060e02fd572719360c7c9f1116c4f1a72216e6910a4ad8896b304740f |