{"id":"UBUNTU-CVE-2024-45778","details":"A stack overflow flaw was found when reading a BFS file system. A crafted BFS filesystem may lead to an uncontrolled loop, causing grub2 to crash.","modified":"2026-01-20T17:56:06.158324Z","published":"2025-02-18T18:00:00Z","upstream":["CVE-2024-45778"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-45778"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2024-45778"}],"affected":[{"package":{"name":"grub2","ecosystem":"Ubuntu:Pro:14.04:LTS","purl":"pkg:deb/ubuntu/grub2@2.02~beta2-9ubuntu1.21?arch=source&distro=esm-infra-legacy/trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["2.00-19ubuntu2","2.00-19ubuntu3","2.00-19ubuntu4","2.00-20","2.00-21","2.00-22","2.02~beta2-5","2.02~beta2-6","2.02~beta2-7","2.02~beta2-8","2.02~beta2-9","2.02~beta2-9ubuntu1","2.02~beta2-9ubuntu1.1","2.02~beta2-9ubuntu1.2","2.02~beta2-9ubuntu1.3","2.02~beta2-9ubuntu1.4","2.02~beta2-9ubuntu1.5","2.02~beta2-9ubuntu1.6","2.02~beta2-9ubuntu1.7","2.02~beta2-9ubuntu1.8","2.02~beta2-9ubuntu1.11","2.02~beta2-9ubuntu1.12","2.02~beta2-9ubuntu1.14","2.02~beta2-9ubuntu1.15","2.02~beta2-9ubuntu1.16","2.02~beta2-9ubuntu1.17","2.02~beta2-9ubuntu1.20","2.02~beta2-9ubuntu1.21"],"ecosystem_specific":{"binaries":[{"binary_name":"grub-common","binary_version":"2.02~beta2-9ubuntu1.21"},{"binary_name":"grub-coreboot","binary_version":"2.02~beta2-9ubuntu1.21"},{"binary_name":"grub-coreboot-bin","binary_version":"2.02~beta2-9ubuntu1.21"},{"binary_name":"grub-efi","binary_version":"2.02~beta2-9ubuntu1.21"},{"binary_name":"grub-efi-amd64","binary_version":"2.02~beta2-9ubuntu1.21"},{"binary_name":"grub-efi-amd64-bin","binary_version":"2.02~beta2-9ubuntu1.21"},{"binary_name":"grub-efi-arm","binary_version":"2.02~beta2-9ubuntu1.21"},{"binary_name":"grub-efi-arm-bin","binary_version":"2.02~beta2-9ubuntu1.21"},{"binary_name":"grub-efi-arm64","binary_version":"2.02~beta2-9ubuntu1.21"},{"binary_name":"grub-efi-arm64-bin","binary_version":"2.02~beta2-9ubuntu1.21"},{"binary_name":"grub-efi-ia32","binary_version":"2.02~beta2-9ubuntu1.21"},{"binary_name":"grub-efi-ia32-bin","binary_version":"2.02~beta2-9ubuntu1.21"},{"binary_name":"grub-emu","binary_version":"2.02~beta2-9ubuntu1.21"},{"binary_name":"grub-firmware-qemu","binary_version":"2.02~beta2-9ubuntu1.21"},{"binary_name":"grub-ieee1275","binary_version":"2.02~beta2-9ubuntu1.21"},{"binary_name":"grub-ieee1275-bin","binary_version":"2.02~beta2-9ubuntu1.21"},{"binary_name":"grub-linuxbios","binary_version":"2.02~beta2-9ubuntu1.21"},{"binary_name":"grub-pc","binary_version":"2.02~beta2-9ubuntu1.21"},{"binary_name":"grub-pc-bin","binary_version":"2.02~beta2-9ubuntu1.21"},{"binary_name":"grub-rescue-pc","binary_version":"2.02~beta2-9ubuntu1.21"},{"binary_name":"grub-theme-starfield","binary_version":"2.02~beta2-9ubuntu1.21"},{"binary_name":"grub-uboot","binary_version":"2.02~beta2-9ubuntu1.21"},{"binary_name":"grub-uboot-bin","binary_version":"2.02~beta2-9ubuntu1.21"},{"binary_name":"grub-xen","binary_version":"2.02~beta2-9ubuntu1.21"},{"binary_name":"grub-xen-bin","binary_version":"2.02~beta2-9ubuntu1.21"},{"binary_name":"grub2","binary_version":"2.02~beta2-9ubuntu1.21"},{"binary_name":"grub2-common","binary_version":"2.02~beta2-9ubuntu1.21"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-45778.json"}},{"package":{"name":"grub2-signed","ecosystem":"Ubuntu:Pro:14.04:LTS","purl":"pkg:deb/ubuntu/grub2-signed@1.34.24?arch=source&distro=esm-infra-legacy/trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1.22","1.23","1.24","1.25","1.26","1.27","1.30","1.31","1.32","1.33","1.34","1.34.1","1.34.2","1.34.3","1.34.4","1.34.5","1.34.6","1.34.7","1.34.8","1.34.9","1.34.13","1.34.14","1.34.16","1.34.17","1.34.18","1.34.20","1.34.22","1.34.24"],"ecosystem_specific":{"binaries":[{"binary_name":"grub-efi-amd64-signed","binary_version":"1.34.24+2.02~beta2-9ubuntu1.21"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-45778.json"}},{"package":{"name":"grub2-signed","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/grub2-signed@1.167~16.04.6?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1.55","1.56","1.57","1.58","1.59","1.61","1.62","1.63","1.64","1.65","1.66","1.66.1","1.66.2","1.66.6","1.66.7","1.66.8","1.66.9","1.66.11","1.66.12","1.66.14","1.66.15","1.66.16","1.66.17","1.66.18","1.66.19","1.66.20","1.66.21","1.66.22","1.66.23","1.66.26","1.66.27","1.66.28","1.66.29","1.167~16.04.1","1.167~16.04.2","1.167~16.04.4","1.167~16.04.6"],"ecosystem_specific":{"binaries":[{"binary_name":"grub-efi-amd64-signed","binary_version":"1.167~16.04.6+2.04-1ubuntu44.1.2"},{"binary_name":"grub-efi-arm64-signed","binary_version":"1.167~16.04.6+2.04-1ubuntu44.1.2"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-45778.json"}},{"package":{"name":"grub2-unsigned","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/grub2-unsigned@2.04-1ubuntu44.1.2?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["2.04-1ubuntu44","2.04-1ubuntu44.1","2.04-1ubuntu44.1.2"],"ecosystem_specific":{"binaries":[{"binary_name":"grub-efi-amd64","binary_version":"2.04-1ubuntu44.1.2"},{"binary_name":"grub-efi-amd64-bin","binary_version":"2.04-1ubuntu44.1.2"},{"binary_name":"grub-efi-arm64","binary_version":"2.04-1ubuntu44.1.2"},{"binary_name":"grub-efi-arm64-bin","binary_version":"2.04-1ubuntu44.1.2"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-45778.json"}},{"package":{"name":"grub2-signed","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/grub2-signed@1.187.3~18.04.1?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1.85","1.86","1.87","1.89","1.91","1.92","1.93","1.93.1","1.93.2","1.93.3","1.93.4","1.93.5","1.93.7","1.93.8","1.93.10","1.93.11","1.93.13","1.93.14","1.93.15","1.93.16","1.93.18","1.93.19","1.93.20","1.93.21","1.93.22","1.93.24","1.167~18.04.1","1.167~18.04.3","1.167~18.04.5","1.173.2~18.04.1","1.187.2~18.04.1","1.187.3~18.04.1"],"ecosystem_specific":{"binaries":[{"binary_name":"grub-efi-amd64-signed","binary_version":"1.187.3~18.04.1+2.06-2ubuntu14.1"},{"binary_name":"grub-efi-arm64-signed","binary_version":"1.187.3~18.04.1+2.06-2ubuntu14.1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-45778.json"}},{"package":{"name":"grub2-unsigned","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/grub2-unsigned@2.06-2ubuntu14.1?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["2.04-1ubuntu44","2.04-1ubuntu44.1","2.04-1ubuntu44.1.2","2.04-1ubuntu47.4","2.06-2ubuntu14","2.06-2ubuntu14.1"],"ecosystem_specific":{"binaries":[{"binary_name":"grub-efi-amd64","binary_version":"2.06-2ubuntu14.1"},{"binary_name":"grub-efi-amd64-bin","binary_version":"2.06-2ubuntu14.1"},{"binary_name":"grub-efi-arm64","binary_version":"2.06-2ubuntu14.1"},{"binary_name":"grub-efi-arm64-bin","binary_version":"2.06-2ubuntu14.1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-45778.json"}},{"package":{"name":"grub2-signed","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/grub2-signed@1.187.12~20.04?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1.128","1.129","1.130","1.131","1.133","1.134","1.135","1.136","1.137","1.138","1.139","1.140","1.141","1.142","1.142.1","1.142.3","1.142.4","1.142.5","1.142.6","1.142.8","1.142.9","1.142.10","1.142.11","1.167","1.167.2","1.173.2~20.04.1","1.173.4","1.187.2~20.04.2","1.187.3~20.04.1","1.187.4~20.04.1","1.187.6~20.04.1","1.187.12~20.04"],"ecosystem_specific":{"binaries":[{"binary_name":"grub-efi-amd64-signed","binary_version":"1.187.12~20.04+2.06-2ubuntu14.8"},{"binary_name":"grub-efi-arm64-signed","binary_version":"1.187.12~20.04+2.06-2ubuntu14.8"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-45778.json"}},{"package":{"name":"grub2-unsigned","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/grub2-unsigned@2.06-2ubuntu14.8?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["2.04-1ubuntu44","2.04-1ubuntu44.2","2.04-1ubuntu47.4","2.04-1ubuntu47.5","2.06-2ubuntu14","2.06-2ubuntu14.1","2.06-2ubuntu14.2","2.06-2ubuntu14.4","2.06-2ubuntu14.8"],"ecosystem_specific":{"binaries":[{"binary_name":"grub-efi-amd64","binary_version":"2.06-2ubuntu14.8"},{"binary_name":"grub-efi-amd64-bin","binary_version":"2.06-2ubuntu14.8"},{"binary_name":"grub-efi-arm64","binary_version":"2.06-2ubuntu14.8"},{"binary_name":"grub-efi-arm64-bin","binary_version":"2.06-2ubuntu14.8"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-45778.json"}},{"package":{"name":"grub2-signed","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/grub2-signed@1.187.12?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1.173","1.174","1.176","1.177","1.178","1.179","1.180","1.182~22.04.1","1.187.2","1.187.3~22.04.1","1.187.4~22.04.1","1.187.6","1.187.12"],"ecosystem_specific":{"binaries":[{"binary_name":"grub-efi-amd64-signed","binary_version":"1.187.12+2.06-2ubuntu14.8"},{"binary_name":"grub-efi-arm64-signed","binary_version":"1.187.12+2.06-2ubuntu14.8"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-45778.json"}},{"package":{"name":"grub2-unsigned","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/grub2-unsigned@2.06-2ubuntu14.8?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["2.04-1ubuntu47","2.04-1ubuntu48","2.06-2ubuntu3","2.06-2ubuntu4","2.06-2ubuntu5","2.06-2ubuntu6","2.06-2ubuntu7","2.06-2ubuntu10","2.06-2ubuntu14","2.06-2ubuntu14.1","2.06-2ubuntu14.2","2.06-2ubuntu14.4","2.06-2ubuntu14.8"],"ecosystem_specific":{"binaries":[{"binary_name":"grub-efi-amd64","binary_version":"2.06-2ubuntu14.8"},{"binary_name":"grub-efi-amd64-bin","binary_version":"2.06-2ubuntu14.8"},{"binary_name":"grub-efi-arm64","binary_version":"2.06-2ubuntu14.8"},{"binary_name":"grub-efi-arm64-bin","binary_version":"2.06-2ubuntu14.8"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-45778.json"}},{"package":{"name":"grub2-signed","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/grub2-signed@1.202.5?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1.197","1.199","1.201","1.202","1.202.2","1.202.5"],"ecosystem_specific":{"binaries":[{"binary_name":"grub-efi-amd64-signed","binary_version":"1.202.5+2.12-1ubuntu7.3"},{"binary_name":"grub-efi-arm64-signed","binary_version":"1.202.5+2.12-1ubuntu7.3"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-45778.json"}},{"package":{"name":"grub2-unsigned","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/grub2-unsigned@2.12-1ubuntu7.3?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["2.12~rc1-10ubuntu4","2.12~rc1-12ubuntu2","2.12-1ubuntu1","2.12-1ubuntu7","2.12-1ubuntu7.1","2.12-1ubuntu7.3"],"ecosystem_specific":{"binaries":[{"binary_name":"grub-efi-amd64","binary_version":"2.12-1ubuntu7.3"},{"binary_name":"grub-efi-amd64-bin","binary_version":"2.12-1ubuntu7.3"},{"binary_name":"grub-efi-arm64","binary_version":"2.12-1ubuntu7.3"},{"binary_name":"grub-efi-arm64-bin","binary_version":"2.12-1ubuntu7.3"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-45778.json"}},{"package":{"name":"grub2-signed","ecosystem":"Ubuntu:25.10","purl":"pkg:deb/ubuntu/grub2-signed@1.214?arch=source&distro=questing"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1.212","1.213","1.214"],"ecosystem_specific":{"binaries":[{"binary_name":"grub-efi-amd64-signed","binary_version":"1.214+2.14~git20250718.0e36779-1ubuntu4"},{"binary_name":"grub-efi-arm64-signed","binary_version":"1.214+2.14~git20250718.0e36779-1ubuntu4"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-45778.json"}},{"package":{"name":"grub2-unsigned","ecosystem":"Ubuntu:25.10","purl":"pkg:deb/ubuntu/grub2-unsigned@2.14~git20250718.0e36779-1ubuntu4?arch=source&distro=questing"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["2.12-5ubuntu11","2.14~git20250718.0e36779-1ubuntu1","2.14~git20250718.0e36779-1ubuntu4"],"ecosystem_specific":{"binaries":[{"binary_name":"grub-efi-amd64","binary_version":"2.14~git20250718.0e36779-1ubuntu4"},{"binary_name":"grub-efi-amd64-bin","binary_version":"2.14~git20250718.0e36779-1ubuntu4"},{"binary_name":"grub-efi-amd64-unsigned","binary_version":"2.14~git20250718.0e36779-1ubuntu4"},{"binary_name":"grub-efi-arm64","binary_version":"2.14~git20250718.0e36779-1ubuntu4"},{"binary_name":"grub-efi-arm64-bin","binary_version":"2.14~git20250718.0e36779-1ubuntu4"},{"binary_name":"grub-efi-arm64-unsigned","binary_version":"2.14~git20250718.0e36779-1ubuntu4"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-45778.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]}