CVE-2025-61663 (CNNVD-202511-1985)
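Chinese title:
GNU GRUB security vulnerability
English title:
Grub2: missing unregister call for normal commands may lead to use-after-free
Vulnerability description
Chinese description:
GNU GRUB is a Linux system boot loader from the GNU community. GNU GRUB has a security vulnerability caused by a use-after-free in the normal command, which may lead to denial of service or a system crash.
English description: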
A vulnerability has been identified in the GRUB2 bootloader's normal command that poses an immediate Denial of Service (DoS) risk. This flaw is a Use-after-Free issue, caused because the normal command is not properly unregistered when the module is unloaded. An attacker who can execute this command can force the system to access memory locations that are no longer valid. Successful exploitation leads directly to system instability, which can result in a complete crash and halt system availability. An impact on data integrity and confidentiality is also not ruled out.
CWE type:
Tags:
Affected products
| Vendor | Product | Version | Version range | Platform | CPE |
|---|---|---|---|---|---|
| GNU | grub2 | - | ≤ 2.14 | - | cpe:2.3:a:gnu:grub2:*:*:*:*:*:*:*:* |
| Red Hat | Red Hat Enterprise Linux 10 | - | - | - | cpe:/o:redhat:enterprise_linux:10 |
| Red Hat | Red Hat Enterprise Linux 7 | - | - | - | cpe:/o:redhat:enterprise_linux:7 |
| Red Hat | Red Hat Enterprise Linux 8 | - | - | - | cpe:/o:redhat:enterprise_linux:8 |
| Red Hat | Red Hat Enterprise Linux 9 | - | - | - | cpe:/o:redhat:enterprise_linux:9 |
| Red Hat | Red Hat OpenShift Container Platform 4 | - | - | - | cpe:/a:redhat:openshift:4 |
Solution
Chinese solution:
English solution:
Workaround:
CVSS score details
3.1 (cna)
MEDIUM
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Time information
Exploit information
Data source details
| Data source | Record ID | Version | Extraction time |
|---|---|---|---|
| CVE | cve_CVE-2025-61663 | 2025-12-21 02:11:30 | 2026-01-12 02:12:11 |
| NVD | nvd_CVE-2025-61663 | 2025-11-20 03:00:03 | 2026-01-12 02:27:56 |
| CNNVD | cnnvd_CNNVD-202511-1985 | 2026-01-26 02:10:02 | 2026-01-25 18:11:35 |
Versions and languages
Security advisories
Change history
View detailed changes
- vulnerability_type: not extracted -> other
- cnnvd_id: not extracted -> CNNVD-202511-1985
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
View detailed changes
- data_sources: ['cve'] -> ['cve', 'nvd']