Unchecked Return Value

CVE-2024-45775

Medium

5.2/10

Summary

A flaw was found in grub2 where the "grub_extcmd_dispatcher()" function calls "grub_arg_list_alloc()" to allocate memory for the grub's argument list. However, it fails to check in case the memory allocation fails. Once the allocation fails, a NULL point will be processed by the "parse_option()" function, leading grub to crash or, in some rare scenarios, corrupt the IVT data.

Attack Complexity: HIGH
Attack Vector: LOCAL
Integrity Impact: LOW
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: HIGH
Confidentiality Impact: LOW
Availability Impact: HIGH

CWE-252 - Unchecked Return Value

The software does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions.

References

Advisory
Advisory
Issue

Advisory Timeline

Published Feb 18, 2025

Unchecked Return Value

CVE-2024-45775

Summary

CWE-252 - Unchecked Return Value

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS