Import Source
https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-70520.json
JSON Data
https://api.osv.dev/v1/vulns/AZL-70520
Upstream
Published
2025-11-18T19:15:50Z
Modified
2026-04-21T04:36:24.988618Z
Summary
CVE-2025-61662 affecting package grub2 for versions less than 2.06-16
Details

A use-after-free vulnerability has been discovered in GRUB's gettext module. The flaw stems from a programming error in which the gettext command remains registered in memory after its module is unloaded. An attacker can exploit this condition by invoking the orphaned command, causing the application to access a memory location that is no longer valid. This can crash GRUB, leading to a denial of service. A compromise of data integrity or confidentiality cannot be ruled out.

References

Affected packages

Azure Linux:2 / grub2

Package

Name
grub2
Purl
pkg:rpm/azure-linux/grub2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.06-16

Database specific

source
"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-70520.json"