7.8
CVE-2025-61662
- EPSS 0.19%
- Veröffentlicht 18.11.2025 18:20:48
- Zuletzt bearbeitet 30.06.2026 05:17:26
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
Grub2: missing unregister call for gettext command may lead to use-after-free
A Use-After-Free vulnerability has been discovered in GRUB's gettext module. This flaw stems from a programming error where the gettext command remains registered in memory after its module is unloaded. An attacker can exploit this condition by invoking the orphaned command, causing the application to access a memory location that is no longer valid. An attacker could exploit this vulnerability to cause grub to crash, leading to a Denial of Service. Possible data integrity or confidentiality compromise is not discarded.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.19% | 0.093 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| secalert@redhat.com | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-416 Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
https://access.redhat.com/security/cve/CVE-2025-61662
https://bugzilla.redhat.com/show_bug.cgi?id=2414683
http://www.openwall.com/lists/oss-security/2025/11/18/5
https://lists.gnu.org/archive/html/grub-devel/2025-11/msg00155.html
https://access.redhat.com/errata/RHSA-2026:4649
https://access.redhat.com/errata/RHSA-2026:4652
https://access.redhat.com/errata/RHSA-2026:4654
https://access.redhat.com/errata/RHSA-2026:4648
https://access.redhat.com/errata/RHSA-2026:4653
https://access.redhat.com/errata/RHSA-2026:4760
https://access.redhat.com/errata/RHSA-2026:4830
https://access.redhat.com/errata/RHSA-2026:4822
https://access.redhat.com/errata/RHSA-2026:4823
https://access.redhat.com/errata/RHSA-2026:4900
https://access.redhat.com/errata/RHSA-2026:4998
https://access.redhat.com/errata/RHSA-2026:5074
https://access.redhat.com/errata/RHSA-2026:5233
https://access.redhat.com/errata/RHSA-2026:5127
https://access.redhat.com/errata/RHSA-2026:6492
https://access.redhat.com/errata/RHSA-2026:7243
https://access.redhat.com/errata/RHSA-2026:7239
https://access.redhat.com/errata/RHSA-2026:10097
https://access.redhat.com/errata/RHSA-2026:15087
https://access.redhat.com/errata/RHSA-2026:14773
https://access.redhat.com/errata/RHSA-2026:17596