Security Advisory

CVE-2025-54771

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-11-18 18:20:40
Last updated 2026-06-30 03:10:30
Assigner redhat
State PUBLISHED

Description

A use-after-free vulnerability has been identified in the GNU GRUB (Grand Unified Bootloader). The flaw occurs because the file-closing process incorrectly retains a memory pointer, leaving an invalid reference to a file system structure. An attacker could exploit this vulnerability to cause grub to crash, leading to a Denial of Service. Possible data integrity or confidentiality compromise is not discarded.