You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
grub2 vulnerability
About this tag
The grub2 vulnerability tag covers recent security flaws in the GRUB2 bootloader, specifically CVE-2025-61661 and CVE-2025-61662. CVE-2025-61661 is an out-of-bounds write during USB string handling that can cause a denial-of-service or limited data corruption when a malicious USB device is present during boot. CVE-2025-61662 is a use-after-free bug in the gettext module that leads to bootloader crashes. Both vulnerabilities have received upstream patches, and administrators are advised to apply vendor updates and implement device controls. These issues affect Linux distributions and recovery environments that rely on GRUB2.
A new GRUB2 vulnerability, tracked as CVE-2025-61661, permits an out‑of‑bounds write during USB string handling that can crash the bootloader when a maliciously‑crafted USB device is present during boot, producing a denial‑of‑service and a limited risk of data corruption; the defect is narrow...
A recently disclosed use‑after‑free defect in the GRUB2 bootloader — tracked as CVE‑2025‑61662 — stems from a missing unregister call in the gettext module and can lead to grub crashes and denial‑of‑service on affected systems. Background / Overview
GRUB (GRand Unified Bootloader) is the de...