GRUB2 Dump Command Bypass in Lockdown Mode Leaks Memory
CVE-2025-1118 Published on February 19, 2025
Grub2: commands/dump: the dump command is not in lockdown when secure boot is enabled
A flaw was found in grub2. Grub's dump command is not blocked when grub is in lockdown mode, which allows the user to read any memory information, and an attacker may leverage this in order to extract signatures, salts, and other sensitive information from the memory.
Vulnerability Analysis
CVE-2025-1118 is exploitable with local system access, and requires user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.
Timeline
Reported to Red Hat.
Made public. 1 day later.
Weakness Type
Trust Boundary Violation
The product mixes trusted and untrusted data in the same data structure or structured message. A trust boundary can be thought of as line drawn through a program. On one side of the line, data is untrusted. On the other side of the line, data is assumed to be trustworthy. The purpose of validation logic is to allow data to safely cross the trust boundary - to move from untrusted to trusted. A trust boundary violation occurs when a program blurs the line between what is trusted and what is untrusted. By combining trusted and untrusted data in the same data structure, it becomes easier for programmers to mistakenly trust unvalidated data.
Products Associated with CVE-2025-1118
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2025-1118 are published in these products:
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.