Main Vulnerability Database SB2025120520

SB2025120520 - Anolis OS update for grub2

Published: December 5, 2025

Security Bulletin ID SB2025120520

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Physical access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Use-after-free (CVE-ID: CVE-2025-54771)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to the file-closing process incorrectly retains a memory pointer, leaving an invalid reference to a file system structure within the grub_file_read() function in grub-core/kern/file.c. A local user can trigger a use-after-free error and crash the application.

Remediation

Install update from vendor's website.

References

https://anas.openanolis.cn/errata/detail/ANSA-2025:0875

Vulnerable Software

Anolis OS: 23
grub2-efi-riscv64-cdboot: before 2.12-18
grub2-efi-riscv64: before 2.12-18
grub2-efi-loongarch64-cdboot: before 2.12-18
grub2-efi-loongarch64: before 2.12-18
grub2-pc-modules: before 2.12-18
grub2-efi-x64-modules: before 2.12-18
grub2-efi-riscv64-modules: before 2.12-18
grub2-efi-loongarch64-modules: before 2.12-18
grub2-efi-ia32-modules: before 2.12-18
grub2-efi-aa64-modules: before 2.12-18
grub2-doc: before 2.12-18
grub2-common: before 2.12-18
grub2-efi-aa64-cdboot: before 2.12-18
grub2-efi-aa64: before 2.12-18
grub2-tools-minimal: before 2.12-18
grub2-tools-extra: before 2.12-18
grub2-tools-efi: before 2.12-18
grub2-tools: before 2.12-18
grub2-pc: before 2.12-18
grub2-emu-modules: before 2.12-18
grub2-emu: before 2.12-18
grub2-efi-x64-cdboot: before 2.12-18
grub2-efi-x64: before 2.12-18
grub2-efi-ia32-cdboot: before 2.12-18
grub2-efi-ia32: before 2.12-18

SB2025120520 - Anolis OS update for grub2

Breakdown by Severity

Description

Remediation

References

Please verify you're human