Import Source
https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-70523.json
JSON Data
https://api.osv.dev/v1/vulns/AZL-70523
Upstream
  • CVE-2025-61663
Published
2025-11-18T19:15:50Z
Modified
2026-04-21T04:36:24.726869Z
Summary
CVE-2025-61663 affecting package grub2 for versions less than 2.06-16
Details

A vulnerability has been identified in the GRUB2 bootloader's normal command that poses an immediate Denial of Service (DoS) risk. The flaw is a use-after-free: the normal command is not properly unregistered when its module is unloaded, so the command remains callable after the memory backing it has been released. An attacker who can execute this command can force the system to access memory locations that are no longer valid. Successful exploitation leads directly to system instability, which can result in a complete crash and halt system availability. An impact on data integrity and confidentiality is not ruled out either.

References

Affected packages

Azure Linux:2 / grub2

Package

Name
grub2
Purl
pkg:rpm/azure-linux/grub2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.06-16

Database specific

source
"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-70523.json"