Main Vulnerability Database SB20250816302

SB20250816302 - SUSE update for Recommended update for grub2

Published: August 16, 2025

Security Bulletin ID SB20250816302

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Physical access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Observable discrepancy (CVE-ID: CVE-2024-56738)

The vulnerability allows an attacker to bypass implemented security restrictions.

The vulnerability exists due to software does not use a constant-time algorithm for grub_crypto_memcmp. An attacker with physical access to the system can perform side-channel attacks to bypass implemented security restrictions and escalate privileges on the system.

Remediation

Install update from vendor's website.

References

https://www.suse.com/support/update/announcement/2025/suse-su-202502813-1/

Vulnerable Software

Server Applications Module: 15-SP7
Basesystem Module: 15-SP7
SUSE Linux Enterprise Real Time 15: SP7
SUSE Linux Enterprise Server for SAP Applications 15: SP7
SUSE Linux Enterprise Server 15: SP7
SUSE Linux Enterprise Desktop 15: SP7
grub2-x86_64-xen: before 2.12-150700.19.13.2
grub2-s390x-emu: before 2.12-150700.19.13.2
grub2-debugsource: before 2.12-150700.19.13.2
grub2-systemd-sleep-plugin: before 2.12-150700.19.13.2
grub2-arm64-efi: before 2.12-150700.19.13.2
grub2-powerpc-ieee1275: before 2.12-150700.19.13.2
grub2-snapper-plugin: before 2.12-150700.19.13.2
grub2-x86_64-efi: before 2.12-150700.19.13.2
grub2-i386-pc: before 2.12-150700.19.13.2
grub2-debuginfo: before 2.12-150700.19.13.2
grub2: before 2.12-150700.19.13.2