CVE-2024-45775 is a vulnerability identified in the grub2 bootloader, specifically within the grub_extcmd_dispatcher() function. This function calls grub_arg_list_alloc() to allocate memory for the argument list used during grub command processing. However, the code does not verify whether the memory allocation was successful. If grub_arg_list_alloc() returns NULL due to allocation failure, the subsequent parse_option() function attempts to process this NULL pointer. This leads to a NULL pointer dereference, causing grub to crash. In rare scenarios, this can also corrupt the Interrupt Vector Table (IVT) data, which is critical for system interrupt handling. The vulnerability requires local access with high privileges (PR:H) and has a high attack complexity (AC:H), meaning exploitation is difficult and requires specific conditions. No user interaction is needed (UI:N), and the scope is unchanged (S:U). The CVSS v3.1 base score is 5.2, reflecting medium severity with impacts primarily on availability (A:H) and limited impacts on confidentiality (C:L) and integrity (I:L). There are no known exploits in the wild, and no patches or vendor-specific mitigations are currently linked. The flaw stems from improper error handling in memory allocation, a common programming oversight that can lead to denial of service or system instability during the boot process.

The primary impact of CVE-2024-45775 is on system availability. A successful exploitation causes grub2 to crash, potentially preventing the system from booting properly, leading to denial of service. In rare cases, corruption of the Interrupt Vector Table (IVT) could cause unpredictable system behavior or hardware interrupt handling issues, potentially affecting system stability and integrity. Since grub2 is a critical component in the boot process of many Linux and Unix-like systems, this vulnerability could disrupt operations in environments relying on grub2 for system startup. The requirement for local high-privilege access limits the attack surface, but insider threats or compromised administrative accounts could exploit this flaw. The vulnerability does not directly expose sensitive data or allow privilege escalation, but the resulting denial of service could impact business continuity, especially in critical infrastructure or enterprise environments. Systems that rely heavily on grub2, including servers, cloud infrastructure, and embedded devices using grub2, are at risk of operational disruption.

Organizations should monitor for official patches or updates from grub2 maintainers and apply them promptly once available. In the interim, administrators should audit systems to ensure grub2 versions are up to date and consider restricting local administrative access to trusted personnel only. Implementing robust monitoring for system boot failures and logs related to grub2 can help detect exploitation attempts early. Where feasible, system hardening measures such as secure boot and integrity verification of bootloader components can reduce the risk of exploitation. Developers and maintainers should enhance grub2’s error handling to verify memory allocation success and gracefully handle failures without dereferencing NULL pointers. Additionally, testing grub2 under low-memory conditions can help identify similar issues proactively. Backup and recovery plans should be reviewed to ensure rapid restoration in case of boot failures caused by this vulnerability.