SUSE update for grub2
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2024-56738 |
| CWE-ID | CWE-203 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
SUSE Linux Enterprise Server 12 SP5 LTSS Extended Operating systems & Components / Operating system SUSE Linux Enterprise Server for SAP Applications 12 Operating systems & Components / Operating system SUSE Linux Enterprise Server 12 Operating systems & Components / Operating system grub2-x86_64-xen Operating systems & Components / Operating system package or component grub2-snapper-plugin Operating systems & Components / Operating system package or component grub2-systemd-sleep-plugin Operating systems & Components / Operating system package or component grub2-debuginfo Operating systems & Components / Operating system package or component grub2 Operating systems & Components / Operating system package or component grub2-i386-pc Operating systems & Components / Operating system package or component grub2-debugsource Operating systems & Components / Operating system package or component grub2-x86_64-efi Operating systems & Components / Operating system package or component |
| Vendor | SUSE |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Observable discrepancy
EUVDB-ID: #VU112027
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56738
CWE-ID:
CWE-203 - Observable discrepancy
Exploit availability: No
DescriptionThe vulnerability allows an attacker to bypass implemented security restrictions.
The vulnerability exists due to software does not use a constant-time algorithm for grub_crypto_memcmp. An attacker with physical access to the system can perform side-channel attacks to bypass implemented security restrictions and escalate privileges on the system.
MitigationUpdate the affected package grub2 to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12 SP5 LTSS Extended: Security
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
grub2-x86_64-xen: before 2.02-190.1
grub2-snapper-plugin: before 2.02-190.1
grub2-systemd-sleep-plugin: before 2.02-190.1
grub2-debuginfo: before 2.02-190.1
grub2: before 2.02-190.1
grub2-i386-pc: before 2.02-190.1
grub2-debugsource: before 2.02-190.1
grub2-x86_64-efi: before 2.02-190.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_12_sp5_ltss_extended:Security:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:*
- cpe:2.3:a:suse:grub2-x86_64-xen:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:grub2-snapper-plugin:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:grub2-systemd-sleep-plugin:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:grub2-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:grub2:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:grub2-i386-pc:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:grub2-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:grub2-x86_64-efi:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2025/suse-su-202502725-1/
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
