CVE-2024-45774 identifies a vulnerability in grub2's JPEG parser where a specially crafted JPEG file can cause an out-of-bounds write due to incorrect bounds checking of internal buffers. Grub2, a widely used bootloader in Linux and Unix-like systems, parses JPEG images during boot or in graphical interfaces. The flaw arises when the JPEG parser fails to properly validate the size and boundaries of data buffers, allowing an attacker to write beyond allocated memory. This out-of-bounds write can corrupt memory, potentially overwriting sensitive information such as secure boot variables or other critical data structures. The vulnerability requires local access with high privileges (PR:H), no user interaction, and has a low attack complexity. The CVSS v3.1 score is 6.7, reflecting medium severity with high impact on confidentiality, integrity, and availability. Although no exploits are currently known in the wild, the potential to bypass secure boot protections elevates the risk. The vulnerability affects grub2 versions prior to the patch and is relevant for systems that rely on grub2 for boot management, especially those enforcing secure boot to ensure trusted boot chains. The flaw was reserved in September 2024 and published in February 2025, with no patch links currently available, indicating that mitigations may still be pending or in development.

The vulnerability can lead to memory corruption via out-of-bounds writes, which may allow attackers to overwrite sensitive data structures within grub2, including those related to secure boot. This could enable bypassing secure boot protections, undermining the integrity of the boot process and allowing unauthorized code execution early in the system startup. The impact spans confidentiality (exposure or corruption of sensitive boot variables), integrity (tampering with bootloader code or secure boot state), and availability (potential system crashes or boot failures). Organizations relying on grub2 for secure boot enforcement, particularly in critical infrastructure, cloud environments, and enterprise Linux deployments, face risks of persistent compromise or system instability. Since exploitation requires local high-privilege access, the threat is more relevant in scenarios where attackers have already gained elevated access or in multi-tenant environments where privilege escalation is possible. The absence of known exploits reduces immediate risk but does not eliminate the potential for future attacks.

1. Apply official patches from grub2 maintainers as soon as they become available to address the out-of-bounds write vulnerability. 2. Restrict local access to systems running grub2, especially limiting high-privilege user accounts to trusted personnel only. 3. Monitor and audit local file systems and boot environments for suspicious or malformed JPEG files that could be used to trigger the vulnerability. 4. Employ secure boot policies that include additional verification layers beyond grub2 to detect unauthorized modifications. 5. Use system integrity monitoring tools to detect unexpected changes in bootloader files or secure boot variables. 6. In environments where patching is delayed, consider disabling features that parse JPEG files in grub2 if feasible, or isolate systems to reduce exposure. 7. Educate system administrators about the risks of local privilege escalation and the importance of maintaining strict access controls. 8. Implement layered security controls such as mandatory access controls (e.g., SELinux, AppArmor) to limit grub2’s ability to write to sensitive memory regions.