LiveActive security incident?Get immediate response
CVE Record

CVE-2024-45778: Grub2: fs/bfs: integer overflow in the bfs parser.

A stack overflow flaw was found when reading a BFS file system. A crafted BFS filesystem may lead to an uncontrolled loop, causing grub2 to crash.

MediumCVSS 4.1Not KEV-listedUpdated
Glexia's TakeAutomated analysismoderate

Security readout for executives and security teams

Plain-English summary

CVE-2024-45778 is a grub2 BFS filesystem parser flaw that can crash the bootloader when it reads a specially crafted BFS filesystem. The documented impact is denial of service, not data theft or code execution. The supplied Red Hat product entries are marked unaffected.

Executive priority

Handle through normal vulnerability management unless your environment uses custom grub2 builds or accepts untrusted boot media. The available evidence points to constrained denial-of-service risk, with no confirmed exploitation and Red Hat-listed platforms marked unaffected.

Technical view

The issue is described as an integer overflow and stack overflow condition in grub2 fs/bfs parsing. A crafted BFS filesystem may trigger an uncontrolled loop and crash grub2. CVSS 3.1 is 4.1, with local attack vector, high attack complexity, high privileges required, and availability impact only.

Likely exposure

Exposure appears limited to grub2 environments that can be made to parse a crafted BFS filesystem. The provided Red Hat records list RHEL 7, 8, 9, 10 and OpenShift Container Platform 4/RHCOS as unaffected. No other affected vendor build is identified in the bundle.

Exploitation context

The bundle does not show CISA KEV listing or cited active exploitation. The CVSS vector indicates local access, high privileges, and high complexity are required. Treat this primarily as a bootloader availability risk unless vendor-specific evidence says otherwise.

Researcher notes

Evidence is incomplete for non-Red Hat distributions or custom grub2 builds. The source bundle names the bug class and crash behavior but does not provide a universal affected-version range or specific remediation. Avoid assuming exploitability beyond the local, privileged, high-complexity CVSS context.

Mitigation direction

  • Check your OS or appliance vendor advisory for grub2 package status.
  • Confirm whether your deployed grub2 build includes the BFS parser exposure.
  • Limit administrative access to boot media and bootloader configuration.
  • Keep bootloader packages on vendor-supported update channels.
  • For Red Hat-listed products, verify the vendor status remains unaffected.

Validation and detection

  • Inventory systems and images that use grub2.
  • Compare installed grub2 packages against vendor advisories for CVE-2024-45778.
  • Review whether BFS filesystem parsing is present or relevant in your builds.
  • Check bootloader update history for vendor security fixes.
  • Document any custom grub2 builds for separate vendor or maintainer review.
Prepared
Confidence
medium
Sources
5

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cwe · low confidence lookup

CWE-190: Exact CWE lookup

Use the exact CWE identifier as the starting point before reviewing related ATT&CK behavior. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.

Open ATT&CK lookup
description · low confidence lookup

Container behavior lookup

The affected technology mentions containers, so container-specific ATT&CK technique review may help. This is a Glexia inferred lookup path, not an official MITRE, ATT&CK, or CVE Program mapping.

Open ATT&CK lookup
cve · low confidence lookup

CVE-2024-45778 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Medium
CVSS
4.1 (3.1)
Known Exploited
No
Published

Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

1CVSS vectors
5Timeline events
1ADP providers
4Source links

SSVC decision data

CISA-ADPCISA Coordinator
Timestamp
Version
2.0.3
Exploitation: noneAutomatable: noTechnical Impact: partial

CVSS vector scores

1 official score

We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.

ScoreVersionSeverityVectorExploitImpactSource
4.1CVSS 3.1MediumCVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H0.53.6redhat

Vulnerability scoring details

Base CVSS 3.1 score

4.1Medium
CVSS 3.1 vector shape for CVE-2024-45778Attack VectorAttack ComplexityPrivileges RequiredUser InteractionScopeConfidentiality ImpactIntegrity ImpactAvailability Impact

Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

Attack Vector
NetworkAdjacentLocalPhysical
Attack Complexity
LowHigh
Privileges Required
NoneLowHigh
User Interaction
NoneRequired
Scope
ChangedUnchanged
Confidentiality Impact
HighLowNone
Integrity Impact
HighLowNone
Availability Impact
HighLowNone

Vulnerability timeline

Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.

  1. CVE reservedCVE Program

    The CVE ID was reserved by the assigning CNA.

  2. Source timelineredhat

    Reported to Red Hat.

  3. Source timelineredhat

    Made public.

  4. CVE publishedCVE Program

    The CVE record was published.

  5. CVE updatedCVE Program

    The CVE record metadata indicates this as the latest update time.

ADP provider summaries

CISA-ADPCISA ADP Vulnrichment
other:ssvc

Source materials

Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
Unknown vendorgrub2grub2, 0unaffected
Red HatRed Hat Enterprise Linux 10grub2unaffected
Red HatRed Hat Enterprise Linux 7grub2unaffected
Red HatRed Hat Enterprise Linux 8grub2unaffected
Red HatRed Hat Enterprise Linux 9grub2unaffected
Red HatRed Hat OpenShift Container Platform 4rhcosunaffected
Weakness

CWE details

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.

CWE-190 · source CWE mapping

Integer Overflow or Wraparound

Integer Overflow or Wraparound represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.