{"id":"AZL-57150","summary":"CVE-2025-0690 affecting package grub2 for versions less than 2.06-25","details":"The read command is used to read the keyboard input from the user, while reads it keeps the input length in a 32-bit integer value which is further used to reallocate the line buffer to accept the next character. During this process, with a line big enough it's possible to make this variable to overflow leading to a out-of-bounds write in the heap based buffer. This flaw may be leveraged to corrupt grub's internal critical data and secure boot bypass is not discarded as consequence.","modified":"2026-04-01T05:19:03.718181Z","published":"2025-02-24T08:15:09Z","upstream":["CVE-2025-0690"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-0690"}],"affected":[{"package":{"name":"grub2","ecosystem":"Azure Linux:3","purl":"pkg:rpm/azure-linux/grub2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.06-25"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-57150.json"}}],"schema_version":"1.7.5"}