rpm package
suse/grub2&distro=SUSE Linux Micro 6.0
pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Micro%206.0
Vulnerabilities (25)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-45775 | Med | 5.2 | | < 2.12~rc1-6.1 | 2.12~rc1-6.1 | Feb 18, 2025 | A flaw was found in grub2 where the grub_extcmd_dispatcher() function calls grub_arg_list_alloc() to allocate memory for the grub's argument list. However, it fails to check in case the memory allocation fails. Once the allocation fails, a NULL point will be processed by the pars |
| CVE-2024-45774 | Med | 6.7 | | < 2.12~rc1-6.1 | 2.12~rc1-6.1 | Feb 18, 2025 | A flaw was found in grub2. A specially crafted JPEG file can cause the JPEG parser of grub2 to incorrectly check the bounds of its internal buffers, resulting in an out-of-bounds write. The possibility of overwriting sensitive information to bypass secure boot protections is not |
| CVE-2024-56738 | | — | | < 2.12~rc1-7.1 | 2.12~rc1-7.1 | Dec 29, 2024 | GNU GRUB (aka GRUB2) through 2.12 does not use a constant-time algorithm for grub_crypto_memcmp and thus allows side-channel attacks. |
| CVE-2024-56737 | | — | | < 2.12~rc1-6.1 | 2.12~rc1-6.1 | Dec 29, 2024 | GNU GRUB (aka GRUB2) through 2.12 has a heap-based buffer overflow in fs/hfs.c via crafted sblock data in an HFS filesystem. |
| CVE-2024-49504 | Hig | — | | < 2.12~rc1-6.1 | 2.12~rc1-6.1 | Nov 13, 2024 | grub2 allowed attackers with access to the grub shell to access files on the encrypted disks. |