GNU Grub
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in GNU Grub.
By the Year
In 2026 there have been 0 vulnerabilities in GNU Grub. Last year, in 2025 Grub had 14 security vulnerabilities published. Right now, Grub is on track to have less security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 14 | 6.29 |
| 2024 | 0 | 0.00 |
| 2023 | 3 | 7.53 |
| 2022 | 5 | 6.34 |
It may take a day or so for new Grub vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent GNU Grub Security Vulnerabilities
UAF in GRUB gettext module leads to denial of service
CVE-2025-61662
7.8 - High
- November 18, 2025
A Use-After-Free vulnerability has been discovered in GRUB's gettext module. This flaw stems from a programming error where the gettext command remains registered in memory after its module is unloaded. An attacker can exploit this condition by invoking the orphaned command, causing the application to access a memory location that is no longer valid. An attacker could exploit this vulnerability to cause grub to crash, leading to a Denial of Service. Possible data integrity or confidentiality compromise is not discarded.
Dangling pointer
CVE-2025-61661: GRUB USB String Conv DoS
CVE-2025-61661
4.8 - Medium
- November 18, 2025
A vulnerability has been identified in the GRUB (Grand Unified Bootloader) component. This flaw occurs because the bootloader mishandles string conversion when reading information from a USB device, allowing an attacker to exploit inconsistent length values. A local attacker can connect a maliciously configured USB device during the boot sequence to trigger this issue. A successful exploitation may lead GRUB to crash, leading to a Denial of Service. Data corruption may be also possible, although given the complexity of the exploit the impact is most likely limited.
Incorrect Calculation of Buffer Size
Use-After-Free in GNU GRUB Causes DoS via Invalid File Pointer
CVE-2025-54771
4.9 - Medium
- November 18, 2025
A use-after-free vulnerability has been identified in the GNU GRUB (Grand Unified Bootloader). The flaw occurs because the file-closing process incorrectly retains a memory pointer, leaving an invalid reference to a file system structure. An attacker could exploit this vulnerability to cause grub to crash, leading to a Denial of Service. Possible data integrity or confidentiality compromise is not discarded.
Dangling pointer
LUKS TPM Auto-Decrypt Flaw in GRUB Enables Physical Access Key Exposure
CVE-2025-4382
5.9 - Medium
- May 09, 2025
A flaw was found in systems utilizing LUKS-encrypted disks with GRUB configured for TPM-based auto-decryption. When GRUB is set to automatically decrypt disks using keys stored in the TPM, it reads the decryption key into system memory. If an attacker with physical access can corrupt the underlying filesystem superblock, GRUB will fail to locate a valid filesystem and enter rescue mode. At this point, the disk is already decrypted, and the decryption key remains loaded in system memory. This scenario may allow an attacker with physical access to access the unencrypted data without any further authentication, thereby compromising data confidentiality. Furthermore, the ability to force this state through filesystem corruption also presents a data integrity concern.
Missing Authentication for Critical Function
GRUB2 ReiserFS Symlink OOB Write via Integer Overflow
CVE-2025-0684
6.4 - Medium
- March 03, 2025
A flaw was found in grub2. When performing a symlink lookup from a reiserfs filesystem, grub's reiserfs fs module uses user-controlled parameters from the filesystem geometry to determine the internal buffer size, however, it improperly checks for integer overflows. A maliciouly crafted filesystem may lead some of those buffer size calculations to overflow, causing it to perform a grub_malloc() operation with a smaller size than expected. As a result, the grub_reiserfs_read_symlink() will call grub_reiserfs_read_real() with a overflown length parameter, leading to a heap based out-of-bounds write during data reading. This flaw may be leveraged to corrupt grub's internal critical data and can result in arbitrary code execution, by-passing secure boot protections.
Memory Corruption
GRUB2 BFS Stack Overflow Crash Vulnerability
CVE-2024-45778
4.1 - Medium
- March 03, 2025
A stack overflow flaw was found when reading a BFS file system. A crafted BFS filesystem may lead to an uncontrolled loop, causing grub2 to crash.
Integer Overflow or Wraparound
GRUB HFS Mount strcpy OOB Heap Write Enables Secure Boot Bypass
CVE-2024-45782
7.8 - High
- March 03, 2025
A flaw was found in the HFS filesystem. When reading an HFS volume's name at grub_fs_mount(), the HFS filesystem driver performs a strcpy() using the user-provided volume name as input without properly validating the volume name's length. This issue may read to a heap-based out-of-bounds writer, impacting grub's sensitive data integrity and eventually leading to a secure boot protection bypass.
Memory Corruption
BFS FS Driver Integer Overflow in GRUB2: Heap Bounds Read
CVE-2024-45779
6 - Medium
- March 03, 2025
An integer overflow flaw was found in the BFS file system driver in grub2. When reading a file with an indirect extent map, grub2 fails to validate the number of extent entries to be read. A crafted or corrupted BFS filesystem may cause an integer overflow during the file reading, leading to a heap of bounds read. As a consequence, sensitive data may be leaked, or grub2 will crash.
Integer Overflow or Wraparound
GRUB UDF FS Module Heap Overflow: Code Exec bypass Secure Boot
CVE-2025-0689
7.8 - High
- March 03, 2025
When reading data from disk, the grub's UDF filesystem module utilizes the user controlled data length metadata to allocate its internal buffers. In certain scenarios, while iterating through disk sectors, it assumes the read size from the disk is always smaller than the allocated buffer size which is not guaranteed. A crafted filesystem image may lead to a heap-based buffer overflow resulting in critical data to be corrupted, resulting in the risk of arbitrary code execution by-passing secure boot protections.
Classic Buffer Overflow
GRUB HFS Module Integer Overflow Allowing Arbitrary Code Exec
CVE-2025-1125
7.8 - High
- March 03, 2025
When reading data from a hfs filesystem, grub's hfs filesystem module uses user-controlled parameters from the filesystem metadata to calculate the internal buffers size, however it misses to properly check for integer overflows. A maliciouly crafted filesystem may lead some of those buffer size calculation to overflow, causing it to perform a grub_malloc() operation with a smaller size than expected. As a result the hfsplus_open_compressed_real() function will write past of the internal buffer length. This flaw may be leveraged to corrupt grub's internal critical data and may result in arbitrary code execution by-passing secure boot protections.
Memory Corruption
GRUB 32bit int overflow in read() OOB heap write, secureboot bypass
CVE-2025-0690
6.1 - Medium
- February 24, 2025
The read command is used to read the keyboard input from the user, while reads it keeps the input length in a 32-bit integer value which is further used to reallocate the line buffer to accept the next character. During this process, with a line big enough it's possible to make this variable to overflow leading to a out-of-bounds write in the heap based buffer. This flaw may be leveraged to corrupt grub's internal critical data and secure boot bypass is not discarded as consequence.
Memory Corruption
GRUB2 Heap OOB Write via Malicious .mo File, Circumvent Secure Boot
CVE-2024-45777
6.7 - Medium
- February 19, 2025
A flaw was found in grub2. The calculation of the translation buffer when reading a language .mo file in grub_gettext_getstr_from_position() may overflow, leading to a Out-of-bound write. This issue can be leveraged by an attacker to overwrite grub2's sensitive heap data, eventually leading to the circumvention of secure boot protections.
Memory Corruption
GRUB2 NULL Check Leak Causes Crash or IVT Corruption
CVE-2024-45775
5.2 - Medium
- February 18, 2025
A flaw was found in grub2 where the grub_extcmd_dispatcher() function calls grub_arg_list_alloc() to allocate memory for the grub's argument list. However, it fails to check in case the memory allocation fails. Once the allocation fails, a NULL point will be processed by the parse_option() function, leading grub to crash or, in some rare scenarios, corrupt the IVT data.
Unchecked Return Value
CVE-2024-45774: OOB Write in grub2 JPEG Parser Could Bypass Secure Boot
CVE-2024-45774
6.7 - Medium
- February 18, 2025
A flaw was found in grub2. A specially crafted JPEG file can cause the JPEG parser of grub2 to incorrectly check the bounds of its internal buffers, resulting in an out-of-bounds write. The possibility of overwriting sensitive information to bypass secure boot protections is not discarded.
Memory Corruption
GRUB Legacy XFS FS UseAfterFree via Modified Partition
CVE-2023-4949
6.7 - Medium
- November 10, 2023
An attacker with local access to a system (either through a disk or external drive) can present a modified XFS partition to grub-legacy in such a way to exploit a memory corruption in grubs XFS file system implementation.
Memory Corruption
GRUB2 UAF via chainloader for UAUC and Code Exec
CVE-2022-28736
7.8 - High
- July 20, 2023
There's a use-after-free vulnerability in grub_cmd_chainloader() function; The chainloader command is used to boot up operating systems that doesn't support multiboot and do not have direct support from GRUB2. When executing chainloader more than once a use-after-free vulnerability is triggered. If an attacker can control the GRUB2's memory allocation pattern sensitive data may be exposed and arbitrary code execution can be achieved.
Dangling pointer
GRUB Integer Underflow in grub_net_recv_ip4_packets Enables Buffer Overrun
CVE-2022-28733
8.1 - High
- July 20, 2023
Integer underflow in grub_net_recv_ip4_packets; A malicious crafted IP packet can lead to an integer underflow in grub_net_recv_ip4_packets() function on rsm->total_len value. Under certain circumstances the total_len value may end up wrapping around to a small integer number which will be used in memory allocation. If the attack succeeds in such way, subsequent operations can write past the end of the buffer.
Integer underflow
OOB Write in GRUB2 Font Code via Unicode Input
CVE-2022-3775
7.1 - High
- December 19, 2022
When rendering certain unicode sequences, grub2's font code doesn't proper validate if the informed glyph's width and height is constrained within bitmap size. As consequence an attacker can craft an input which will lead to a out-of-bounds write into grub2's heap, leading to memory corruption and availability issues. Although complex, arbitrary code execution could not be discarded.
Memory Corruption
GRUB grub_font_construct_glyph() Heap Overflow: Secure Boot Bypass
CVE-2022-2601
8.6 - High
- December 14, 2022
A buffer overflow was found in grub_font_construct_glyph(). A malicious crafted pf2 font can lead to an overflow when calculating the max_glyph_size value, allocating a smaller than needed buffer for the glyph, this further leads to a buffer overflow and a heap based out-of-bounds write. An attacker may use this vulnerability to circumvent the secure boot mechanism.
Heap-based Buffer Overflow
A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area
CVE-2021-3695
4.5 - Medium
- July 06, 2022
A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and circumvent secure boot protections. This issue has a high complexity to be exploited as an attacker needs to perform some triage over the heap layout to achieve signifcant results, also the values written into the memory are repeated three times in a row making difficult to produce valid payloads. This flaw affects grub2 versions prior grub-2.12.
Memory Corruption
A heap out-of-bounds write may heppen during the handling of Huffman tables in the PNG reader
CVE-2021-3696
4.5 - Medium
- July 06, 2022
A heap out-of-bounds write may heppen during the handling of Huffman tables in the PNG reader. This may lead to data corruption in the heap space. Confidentiality, Integrity and Availablity impact may be considered Low as it's very complex to an attacker control the encoding and positioning of corrupted Huffman entries to achieve results such as arbitrary code execution and/or secure boot circumvention. This flaw affects grub2 versions prior grub-2.12.
Memory Corruption
A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap
CVE-2021-3697
7 - High
- July 06, 2022
A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap. To a successful to be performed the attacker needs to perform some triage over the heap layout and craft an image with a malicious format and payload. This vulnerability can lead to data corruption and eventual code execution or secure boot circumvention. This flaw affects grub2 versions prior grub-2.12.
Memory Corruption
A certain Debian patch for GNU GRUB uses world-readable permissions for grub.cfg, which
CVE-2013-4577
- May 12, 2014
A certain Debian patch for GNU GRUB uses world-readable permissions for grub.cfg, which allows local users to obtain password hashes, as demonstrated by reading the password_pbkdf2 directive in the file.
Permissions, Privileges, and Access Controls
