Key Vulnerability Information

Vulnerability Overview

RHSA Number: RHSA-2025:6990
Release Date: 2025-05-13
Update Date: 2025-05-13
Type/Severity: Moderate Security Advisory

Subject

Updated grub2 for Red Hat Enterprise Linux 9.

Description

The grub2 package provides version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with a modular architecture. It supports various kernel formats, file systems, computer architectures, and hardware devices.

Security Fixes

CVE-2024-45774: grub2: reader/jpeg: Heap-based out-of-bounds write during JPEG parsing
CVE-2024-45775: grub2: commands/extcmd: Missing allocation failure check
CVE-2024-45776: grub2: grub-core/gettext: Integer overflow leading to heap-based out-of-bounds read/write
CVE-2024-45781: grub2: fs/ufs: Heap-based out-of-bounds write
CVE-2024-45783: grub2: fs/hfs+: refcount can be decremented twice
CVE-2025-0622: grub2: command/gpg: Use-after-free due to unremoved hook on module unload
CVE-2025-0677: grub2: UFS: Integer overflow may lead to heap-based out-of-bounds write when handling symbolic links
CVE-2025-0690: grub2: read: Integer overflow may lead to out-of-bounds write

Affected Products

Red Hat Enterprise Linux for x86_64 9 x86_64
Red Hat Enterprise Linux for Power, little endian 9 ppc64le
Red Hat Enterprise Linux for ARM 64 9 aarch64

Fixes

Lists multiple BZ numbers with corresponding CVE numbers and descriptions.

CVEs

CVE-2024-45774
CVE-2024-45775
CVE-2024-45776
CVE-2024-45781
CVE-2024-45783
CVE-2025-0622
CVE-2025-0677
CVE-2025-0690

References

Red Hat Security Update Classification
Red Hat Enterprise Linux 9 Release Notes