{"id":"CLSA-2025-1744717794","summary":"grub2: Fix of 5 CVEs","details":"- CVE-2025-0624: net: Out-of-bounds write in grub_net_search_configfile()\n- CVE-2025-0690: read: Integer overflow may lead to out-of-bounds write\n- CVE-2025-1118: commands/dump: The dump command is not in lockdown when\n  secure boot is enabled\n- CVE-2025-0678: squash4: Integer overflow may lead to heap based\n  out-of-bounds write when reading data\n- CVE-2025-1125: fs/hfs: Integer overflow may lead to heap based\n  out-of-bounds write","modified":"2026-05-27T11:34:50.541029138Z","published":"2025-04-15T11:50:00Z","upstream":["CVE-2025-0624","CVE-2025-0678","CVE-2025-0690","CVE-2025-1118","CVE-2025-1125"],"references":[{"type":"ADVISORY","url":"https://errata.tuxcare.com/oraclelinux7-els/CLSA-2025-1744717794.html"}],"affected":[{"package":{"name":"grub2","ecosystem":"TuxCare:OracleLinux:7","purl":"pkg:rpm/tuxcare/grub2?distro=oraclelinux-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:2.02-0.87.0.26.el7_9.14.tuxcare.els4"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/oraclelinux7els/CLSA-2025-1744717794.json"}},{"package":{"name":"grub2-common","ecosystem":"TuxCare:OracleLinux:7","purl":"pkg:rpm/tuxcare/grub2-common?distro=oraclelinux-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:2.02-0.87.0.26.el7_9.14.tuxcare.els4"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/oraclelinux7els/CLSA-2025-1744717794.json"}},{"package":{"name":"grub2-efi-ia32","ecosystem":"TuxCare:OracleLinux:7","purl":"pkg:rpm/tuxcare/grub2-efi-ia32?distro=oraclelinux-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:2.02-0.87.0.26.el7_9.14.tuxcare.els4"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/oraclelinux7els/CLSA-2025-1744717794.json"}},{"package":{"name":"grub2-efi-ia32-cdboot","ecosystem":"TuxCare:OracleLinux:7","purl":"pkg:rpm/tuxcare/grub2-efi-ia32-cdboot?distro=oraclelinux-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:2.02-0.87.0.26.el7_9.14.tuxcare.els4"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/oraclelinux7els/CLSA-2025-1744717794.json"}},{"package":{"name":"grub2-efi-ia32-modules","ecosystem":"TuxCare:OracleLinux:7","purl":"pkg:rpm/tuxcare/grub2-efi-ia32-modules?distro=oraclelinux-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:2.02-0.87.0.26.el7_9.14.tuxcare.els4"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/oraclelinux7els/CLSA-2025-1744717794.json"}},{"package":{"name":"grub2-efi-x64","ecosystem":"TuxCare:OracleLinux:7","purl":"pkg:rpm/tuxcare/grub2-efi-x64?distro=oraclelinux-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:2.02-0.87.0.26.el7_9.14.tuxcare.els4"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/oraclelinux7els/CLSA-2025-1744717794.json"}},{"package":{"name":"grub2-efi-x64-cdboot","ecosystem":"TuxCare:OracleLinux:7","purl":"pkg:rpm/tuxcare/grub2-efi-x64-cdboot?distro=oraclelinux-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:2.02-0.87.0.26.el7_9.14.tuxcare.els4"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/oraclelinux7els/CLSA-2025-1744717794.json"}},{"package":{"name":"grub2-efi-x64-modules","ecosystem":"TuxCare:OracleLinux:7","purl":"pkg:rpm/tuxcare/grub2-efi-x64-modules?distro=oraclelinux-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:2.02-0.87.0.26.el7_9.14.tuxcare.els4"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/oraclelinux7els/CLSA-2025-1744717794.json"}},{"package":{"name":"grub2-pc","ecosystem":"TuxCare:OracleLinux:7","purl":"pkg:rpm/tuxcare/grub2-pc?distro=oraclelinux-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:2.02-0.87.0.26.el7_9.14.tuxcare.els4"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/oraclelinux7els/CLSA-2025-1744717794.json"}},{"package":{"name":"grub2-pc-modules","ecosystem":"TuxCare:OracleLinux:7","purl":"pkg:rpm/tuxcare/grub2-pc-modules?distro=oraclelinux-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:2.02-0.87.0.26.el7_9.14.tuxcare.els4"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/oraclelinux7els/CLSA-2025-1744717794.json"}},{"package":{"name":"grub2-tools","ecosystem":"TuxCare:OracleLinux:7","purl":"pkg:rpm/tuxcare/grub2-tools?distro=oraclelinux-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:2.02-0.87.0.26.el7_9.14.tuxcare.els4"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/oraclelinux7els/CLSA-2025-1744717794.json"}},{"package":{"name":"grub2-tools-extra","ecosystem":"TuxCare:OracleLinux:7","purl":"pkg:rpm/tuxcare/grub2-tools-extra?distro=oraclelinux-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:2.02-0.87.0.26.el7_9.14.tuxcare.els4"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/oraclelinux7els/CLSA-2025-1744717794.json"}},{"package":{"name":"grub2-tools-minimal","ecosystem":"TuxCare:OracleLinux:7","purl":"pkg:rpm/tuxcare/grub2-tools-minimal?distro=oraclelinux-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:2.02-0.87.0.26.el7_9.14.tuxcare.els4"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/oraclelinux7els/CLSA-2025-1744717794.json"}}],"schema_version":"1.7.5"}