Key Information Summary

Vulnerability ID
CVE-2025-61664

Vulnerability Description
Description: A vulnerability was found in the normal module of the GRUB2 bootloader. It is a memory use-after-free issue: when the related module is unloaded, the normal command is not properly unregistered. If an attacker invokes the command after the module has been unloaded, the system incorrectly accesses a previously freed memory location, which leads to a system crash or affects data confidentiality and integrity.

Vulnerability Assessment
Severity: Moderate
CVSS v3 Base Score: 4.9
CVSS v3 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Affected Products and Components
Red Hat Enterprise Linux 10: grub2 (State: Fix deferred)
Red Hat Enterprise Linux 7: grub2 (State: Fix deferred)
Red Hat Enterprise Linux 8: grub2 (State: Fix deferred)
Red Hat Enterprise Linux 9: grub2 (State: Fix deferred)
Red Hat OpenShift Container Platform 4: rhcos (State: Fix deferred)

Common Vulnerability Scoring System (CVSS) Score Details
Attack Vector: Local
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: Low
Integrity Impact: Low
Availability Impact: Low

Weakness (CWE)
CWE-825: Expired Pointer Dereference

Key External Links
CVE-2025-61664 - CVE.org
CVE-2025-61664 - NVD
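
The bug class in the description (a command that stays registered after its module is unloaded), modelled as an added example that is not GRUB2 code. The registry, the `demo_exit` command and every function name are hypothetical, and nothing is actually freed, so the check for a stale entry is safe to run.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical command registry; names are illustrative, not GRUB2's API. */
typedef int (*cmd_fn)(void);
struct command { const char *name; cmd_fn fn; struct command *next; };
static struct command *commands;   /* global list, outlives any one module */

static struct command *register_command(const char *name, cmd_fn fn) {
    struct command *c = malloc(sizeof *c);
    if (!c) return NULL;
    c->name = name; c->fn = fn; c->next = commands;
    commands = c;
    return c;
}
static void unregister_command(struct command *cmd) {
    for (struct command **p = &commands; *p; p = &(*p)->next)
        if (*p == cmd) { *p = cmd->next; free(cmd); return; }
}
static struct command *find_command(const char *name) {
    for (struct command *c = commands; c; c = c->next)
        if (strcmp(c->name, name) == 0) return c;
    return NULL;
}

/* Constructed module: registers one command when loaded. */
static int demo_exit(void) { return 0; }
static struct command *demo_cmd;
static void module_init(void) { demo_cmd = register_command("demo_exit", demo_exit); }

/* Flawed unload: a real loader frees the module here, yet the entry stays. */
static void module_fini_flawed(void) { }
/* Corrected unload: drop the entry before the module's memory goes away. */
static void module_fini_fixed(void) {
    if (demo_cmd) { unregister_command(demo_cmd); demo_cmd = NULL; }
}

/* Returns 1 if "demo_exit" is still reachable after unload (it would dangle). */
int stale_after_unload(void (*fini)(void)) {
    module_init();
    fini();
    int stale = find_command("demo_exit") != NULL;
    if (stale) module_fini_fixed();           /* reset state between runs */
    return stale;
}

int main(void) {
    printf("flawed: %d\n", stale_after_unload(module_fini_flawed));
    printf("fixed: %d\n", stale_after_unload(module_fini_fixed));
    return 0;
}
```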