CVE-2025-54770
BaseFortify
Publication date: 2025-11-18
Last updated on: 2025-11-18
Assigner: Red Hat, Inc.
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gnu | grub | 2.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-825 | The product dereferences a pointer that contains a location for memory that was previously valid, but is no longer valid. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Use-after-Free flaw in the GRUB2 bootloader's network module. It occurs because the net_set_vlan command is not properly unregistered when the network module is unloaded from memory. An attacker who can execute this command can cause the system to access invalid memory locations, leading to system instability and potentially causing the system to crash and become unavailable.
How can this vulnerability impact me?
The vulnerability can cause a Denial of Service (DoS) by making the system unstable and potentially crashing it completely. This results in loss of system availability, which can disrupt operations and services relying on the affected system.
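The unload bug described in the first answer, as a self-contained model added here for illustration and not taken from GRUB's source: the table, `register_command`/`unregister_command`, `net_other_cmd` and the `fixed` switch are all assumptions. It audits for commands left registered after their module is unloaded instead of invoking them.

```c
#include <stdio.h>
#include <string.h>

/* Toy model (constructed, not GRUB source): a global command table that
 * outlives the modules registering into it. */
typedef int (*cmd_fn)(void);
struct command { const char *name; cmd_fn fn; int owner; };
static struct command table[8];
static int module_loaded[4];   /* 1 while the module's memory is valid */
static struct command *cmd_other, *cmd_vlan;
static int handler(void) { return 0; }  /* stands in for module code */

static struct command *register_command(const char *name, cmd_fn fn, int owner) {
    for (int i = 0; i < 8; i++)
        if (!table[i].name) {
            table[i] = (struct command){ name, fn, owner };
            return &table[i];
        }
    return NULL;
}
static void unregister_command(struct command *c) { if (c) memset(c, 0, sizeof *c); }

static void net_init(int mod) {
    module_loaded[mod] = 1;
    cmd_other = register_command("net_other_cmd", handler, mod); /* hypothetical */
    cmd_vlan = register_command("net_set_vlan", handler, mod);
}
/* fixed == 0 models the flaw: net_set_vlan stays registered after unload. */
static void net_fini(int mod, int fixed) {
    unregister_command(cmd_other);
    if (fixed) unregister_command(cmd_vlan);
    module_loaded[mod] = 0;
}
/* Audit, never call: an entry owned by an unloaded module is dangling. */
static int count_stale_commands(void) {
    int n = 0;
    for (int i = 0; i < 8; i++)
        if (table[i].name && !module_loaded[table[i].owner]) n++;
    return n;
}
static int run_scenario(int fixed) {
    memset(table, 0, sizeof table);
    net_init(1);
    net_fini(1, fixed);
    return count_stale_commands();
}
int main(void) {
    printf("buggy: %d stale, fixed: %d stale\n", run_scenario(0), run_scenario(1));
    return 0;
}
```

The same ownership check works as a teardown assertion: any command still in the table after its module's fini routine runs points into memory that is about to be released.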