rpm package
suse/grub2&distro=SUSE Linux Enterprise Module for Basesystem 15 SP7
pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7
Vulnerabilities (8)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-61664 | Med | 4.9 | | < 2.12-150700.19.19.1 | 2.12-150700.19.19.1 | Nov 18, 2025 | A vulnerability in the GRUB2 bootloader has been identified in the normal module. This flaw, a memory Use After Free issue, occurs because the normal_exit command is not properly unregistered when its related module is unloaded. An attacker can exploit this condition by invoking |
| CVE-2025-61663 | Med | 4.9 | | < 2.12-150700.19.19.1 | 2.12-150700.19.19.1 | Nov 18, 2025 | A vulnerability has been identified in the GRUB2 bootloader's normal command that poses an immediate Denial of Service (DoS) risk. This flaw is a Use-after-Free issue, caused because the normal command is not properly unregistered when the module is unloaded. An attacker who can |
| CVE-2025-61662 | Hig | 7.8 | | < 2.12-150700.19.19.1 | 2.12-150700.19.19.1 | Nov 18, 2025 | A Use-After-Free vulnerability has been discovered in GRUB's gettext module. This flaw stems from a programming error where the gettext command remains registered in memory after its module is unloaded. An attacker can exploit this condition by invoking the orphaned command, caus |
| CVE-2025-61661 | Med | 4.8 | | < 2.12-150700.19.19.1 | 2.12-150700.19.19.1 | Nov 18, 2025 | A vulnerability has been identified in the GRUB (Grand Unified Bootloader) component. This flaw occurs because the bootloader mishandles string conversion when reading information from a USB device, allowing an attacker to exploit inconsistent length values. A local attacker can |
| CVE-2025-54771 | Med | 4.9 | | < 2.12-150700.19.19.1 | 2.12-150700.19.19.1 | Nov 18, 2025 | A use-after-free vulnerability has been identified in the GNU GRUB (Grand Unified Bootloader). The flaw occurs because the file-closing process incorrectly retains a memory pointer, leaving an invalid reference to a file system structure. An attacker could exploit this vulnerabil |
| CVE-2025-54770 | Med | 4.9 | | < 2.12-150700.19.19.1 | 2.12-150700.19.19.1 | Nov 18, 2025 | A vulnerability has been identified in the GRUB2 bootloader's network module that poses an immediate Denial of Service (DoS) risk. This flaw is a Use-after-Free issue, caused because the net_set_vlan command is not properly unregistered when the network module is unloaded from me |
| CVE-2025-4382 | Med | 5.9 | | < 2.12-150700.19.3.1 | 2.12-150700.19.3.1 | May 9, 2025 | A flaw was found in systems utilizing LUKS-encrypted disks with GRUB configured for TPM-based auto-decryption. When GRUB is set to automatically decrypt disks using keys stored in the TPM, it reads the decryption key into system memory. If an attacker with physical access can cor |
| CVE-2024-56738 | — | | | < 2.12-150700.19.13.2 | 2.12-150700.19.13.2 | Dec 29, 2024 | GNU GRUB (aka GRUB2) through 2.12 does not use a constant-time algorithm for grub_crypto_memcmp and thus allows side-channel attacks. |