| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 6 |
| CVE-ID | CVE-2025-54770 CVE-2025-54771 CVE-2025-61661 CVE-2025-61662 CVE-2025-61663 CVE-2025-61664 |
| CWE-ID | CWE-416 CWE-787 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software | Server Applications Module, Basesystem Module, SUSE Linux Enterprise Real Time 15, SUSE Linux Enterprise Server for SAP Applications 15, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Desktop 15 (Operating systems & Components / Operating system); grub2, grub2-x86_64-xen, grub2-s390x-emu, grub2-debugsource, grub2-i386-pc, grub2-systemd-sleep-plugin, grub2-arm64-efi, grub2-x86_64-efi, grub2-powerpc-ieee1275, grub2-snapper-plugin, grub2-debuginfo (Operating systems & Components / Operating system package or component) |
| Vendor | SUSE |
Security Bulletin
This security bulletin contains information about 6 vulnerabilities.
EUVDB-ID: #VU118730
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-54770
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows an attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the net_set_vlan() function. An attacker with physical access to the system can perform a denial of service attack.
Mitigation
Update the affected package grub2 to the latest version.
Vulnerable software versions
Server Applications Module: 15-SP7
Basesystem Module: 15-SP7
SUSE Linux Enterprise Real Time 15: SP7
SUSE Linux Enterprise Server for SAP Applications 15: SP7
SUSE Linux Enterprise Server 15: SP7
SUSE Linux Enterprise Desktop 15: SP7
grub2-x86_64-xen: before 2.12-150700.19.19.1
grub2-s390x-emu: before 2.12-150700.19.19.1
grub2-debugsource: before 2.12-150700.19.19.1
grub2-i386-pc: before 2.12-150700.19.19.1
grub2-systemd-sleep-plugin: before 2.12-150700.19.19.1
grub2-arm64-efi: before 2.12-150700.19.19.1
grub2-x86_64-efi: before 2.12-150700.19.19.1
grub2-powerpc-ieee1275: before 2.12-150700.19.19.1
grub2-snapper-plugin: before 2.12-150700.19.19.1
grub2-debuginfo: before 2.12-150700.19.19.1
grub2: before 2.12-150700.19.19.1
Reference: https://www.suse.com/support/update/announcement/2025/suse-su-20254305-1/
Q & A
Can this vulnerability be exploited remotely?
No. The attacker must have physical access to the system to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU118662
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-54771
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists because the file-closing routine retains a stale memory pointer, leaving an invalid reference to a file system structure that grub_file_read() in grub-core/kern/file.c later dereferences. A local user can trigger a use-after-free error and crash the application.
Mitigation
Update the affected package grub2 to the latest version.
Vulnerable software versions
Server Applications Module: 15-SP7
Basesystem Module: 15-SP7
SUSE Linux Enterprise Real Time 15: SP7
SUSE Linux Enterprise Server for SAP Applications 15: SP7
SUSE Linux Enterprise Server 15: SP7
SUSE Linux Enterprise Desktop 15: SP7
grub2-x86_64-xen: before 2.12-150700.19.19.1
grub2-s390x-emu: before 2.12-150700.19.19.1
grub2-debugsource: before 2.12-150700.19.19.1
grub2-i386-pc: before 2.12-150700.19.19.1
grub2-systemd-sleep-plugin: before 2.12-150700.19.19.1
grub2-arm64-efi: before 2.12-150700.19.19.1
grub2-x86_64-efi: before 2.12-150700.19.19.1
grub2-powerpc-ieee1275: before 2.12-150700.19.19.1
grub2-snapper-plugin: before 2.12-150700.19.19.1
grub2-debuginfo: before 2.12-150700.19.19.1
grub2: before 2.12-150700.19.19.1
Reference: https://www.suse.com/support/update/announcement/2025/suse-su-20254305-1/
Q & A
Can this vulnerability be exploited remotely?
No. The attacker must have physical access to the system to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU118663
Risk: Low
CVSSv4.0: 1.8 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-61661
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description
The vulnerability allows an attacker to perform a denial of service attack.
The vulnerability exists due to a boundary error within the grub_usb_get_string() function in grub-core/commands/usbtest.c. An attacker with physical access to the system can connect a specially crafted USB device during the boot sequence, trigger an out-of-bounds write and perform a denial of service (DoS) attack.
Mitigation
Update the affected package grub2 to the latest version.
Vulnerable software versions
Server Applications Module: 15-SP7
Basesystem Module: 15-SP7
SUSE Linux Enterprise Real Time 15: SP7
SUSE Linux Enterprise Server for SAP Applications 15: SP7
SUSE Linux Enterprise Server 15: SP7
SUSE Linux Enterprise Desktop 15: SP7
grub2-x86_64-xen: before 2.12-150700.19.19.1
grub2-s390x-emu: before 2.12-150700.19.19.1
grub2-debugsource: before 2.12-150700.19.19.1
grub2-i386-pc: before 2.12-150700.19.19.1
grub2-systemd-sleep-plugin: before 2.12-150700.19.19.1
grub2-arm64-efi: before 2.12-150700.19.19.1
grub2-x86_64-efi: before 2.12-150700.19.19.1
grub2-powerpc-ieee1275: before 2.12-150700.19.19.1
grub2-snapper-plugin: before 2.12-150700.19.19.1
grub2-debuginfo: before 2.12-150700.19.19.1
grub2: before 2.12-150700.19.19.1
Reference: https://www.suse.com/support/update/announcement/2025/suse-su-20254305-1/
Q & A
Can this vulnerability be exploited remotely?
No. The attacker must have physical access to the system to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU118665
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-61662
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows an attacker to perform a denial of service attack.
The vulnerability exists due to a use-after-free error within the grub_cmd_translate() function in grub-core/gettext/gettext.c. An attacker with physical access to the system can perform a denial of service attack.
Mitigation
Update the affected package grub2 to the latest version.
Vulnerable software versions
Server Applications Module: 15-SP7
Basesystem Module: 15-SP7
SUSE Linux Enterprise Real Time 15: SP7
SUSE Linux Enterprise Server for SAP Applications 15: SP7
SUSE Linux Enterprise Server 15: SP7
SUSE Linux Enterprise Desktop 15: SP7
grub2-x86_64-xen: before 2.12-150700.19.19.1
grub2-s390x-emu: before 2.12-150700.19.19.1
grub2-debugsource: before 2.12-150700.19.19.1
grub2-i386-pc: before 2.12-150700.19.19.1
grub2-systemd-sleep-plugin: before 2.12-150700.19.19.1
grub2-arm64-efi: before 2.12-150700.19.19.1
grub2-x86_64-efi: before 2.12-150700.19.19.1
grub2-powerpc-ieee1275: before 2.12-150700.19.19.1
grub2-snapper-plugin: before 2.12-150700.19.19.1
grub2-debuginfo: before 2.12-150700.19.19.1
grub2: before 2.12-150700.19.19.1
Reference: https://www.suse.com/support/update/announcement/2025/suse-su-20254305-1/
Q & A
Can this vulnerability be exploited remotely?
No. The attacker must have physical access to the system to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU118667
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-61663
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows an attacker to perform a denial of service attack.
The vulnerability exists because the normal command is not properly unregistered when the normal module is unloaded, leaving a reference to freed memory. An attacker with physical access to the system can perform a denial of service attack.
Mitigation
Update the affected package grub2 to the latest version.
Vulnerable software versions
Server Applications Module: 15-SP7
Basesystem Module: 15-SP7
SUSE Linux Enterprise Real Time 15: SP7
SUSE Linux Enterprise Server for SAP Applications 15: SP7
SUSE Linux Enterprise Server 15: SP7
SUSE Linux Enterprise Desktop 15: SP7
grub2-x86_64-xen: before 2.12-150700.19.19.1
grub2-s390x-emu: before 2.12-150700.19.19.1
grub2-debugsource: before 2.12-150700.19.19.1
grub2-i386-pc: before 2.12-150700.19.19.1
grub2-systemd-sleep-plugin: before 2.12-150700.19.19.1
grub2-arm64-efi: before 2.12-150700.19.19.1
grub2-x86_64-efi: before 2.12-150700.19.19.1
grub2-powerpc-ieee1275: before 2.12-150700.19.19.1
grub2-snapper-plugin: before 2.12-150700.19.19.1
grub2-debuginfo: before 2.12-150700.19.19.1
grub2: before 2.12-150700.19.19.1
Reference: https://www.suse.com/support/update/announcement/2025/suse-su-20254305-1/
Q & A
Can this vulnerability be exploited remotely?
No. The attacker must have physical access to the system to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU118668
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-61664
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows an attacker to perform a denial of service attack.
The vulnerability exists due to a use-after-free error when the normal_exit command is invoked after the normal module has been unloaded. An attacker with physical access to the system can perform a denial of service attack.
Mitigation
Update the affected package grub2 to the latest version.
Vulnerable software versions
Server Applications Module: 15-SP7
Basesystem Module: 15-SP7
SUSE Linux Enterprise Real Time 15: SP7
SUSE Linux Enterprise Server for SAP Applications 15: SP7
SUSE Linux Enterprise Server 15: SP7
SUSE Linux Enterprise Desktop 15: SP7
grub2-x86_64-xen: before 2.12-150700.19.19.1
grub2-s390x-emu: before 2.12-150700.19.19.1
grub2-debugsource: before 2.12-150700.19.19.1
grub2-i386-pc: before 2.12-150700.19.19.1
grub2-systemd-sleep-plugin: before 2.12-150700.19.19.1
grub2-arm64-efi: before 2.12-150700.19.19.1
grub2-x86_64-efi: before 2.12-150700.19.19.1
grub2-powerpc-ieee1275: before 2.12-150700.19.19.1
grub2-snapper-plugin: before 2.12-150700.19.19.1
grub2-debuginfo: before 2.12-150700.19.19.1
grub2: before 2.12-150700.19.19.1
Reference: https://www.suse.com/support/update/announcement/2025/suse-su-20254305-1/
Q & A
Can this vulnerability be exploited remotely?
No. The attacker must have physical access to the system to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
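All six entries in this bulletin name the same fixed build, 2.12-150700.19.19.1, for every grub2 subpackage, so one version check covers all six CVEs. The script below is an added example, not part of the SUSE advisory or of the grub2 project: it queries the installed grub2* packages with rpm (a standard rpm query, assumed to be available on the SUSE hosts in scope), and compares each VERSION-RELEASE against the fixed build. The comparison uses GNU sort -V as an approximation of rpm's own version ordering; the version strings used to exercise it are constructed for the example.

```sh
#!/bin/sh
# Added example (not from the SUSE advisory): is the installed grub2 at or
# above the fixed build 2.12-150700.19.19.1 named in SUSE-SU-2025:4305-1?
FIXED_GRUB2="2.12-150700.19.19.1"

# version_ge INSTALLED FIXED
# Returns 0 when INSTALLED sorts at or after FIXED under GNU sort -V.
# sort -V approximates rpmvercmp; it agrees for these purely numeric
# dotted VERSION-RELEASE strings (2.12-150700.x.y.z).
version_ge() {
  highest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | tail -n 1)
  [ "$highest" = "$1" ]
}

# grub2_patched VERSION-RELEASE -> 0 if at/after the fixed build, 1 if not
grub2_patched() {
  version_ge "$1" "$FIXED_GRUB2"
}

# classify_line "NAME VERSION-RELEASE" -> prints "OK   NAME VER" or "VULN NAME VER"
classify_line() {
  name=${1%% *}
  ver=${1#* }
  if grub2_patched "$ver"; then
    printf 'OK   %s %s\n' "$name" "$ver"
  else
    printf 'VULN %s %s\n' "$name" "$ver"
  fi
}

# check_system: classify every installed grub2* package on a live rpm host.
# Returns 0 if all are patched, 1 if any is below the fixed build, and
# 2 if no grub2 package is installed at all (so a silent "all OK" never
# hides a missing rpm or a non-SUSE host).
check_system() {
  report=$(rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' 'grub2*' 2>/dev/null \
           | while IFS= read -r line; do classify_line "$line"; done)
  if [ -z "$report" ]; then
    echo "no grub2 packages found (not an rpm-based SUSE host?)" >&2
    return 2
  fi
  printf '%s\n' "$report"
  ! printf '%s\n' "$report" | grep -q '^VULN'
}

# Run the live check only when invoked as: sh check_grub2.sh --run
if [ "${1:-}" = "--run" ]; then
  check_system
fi
```

A package that is already at the fixed build only helps once the machine has rebooted onto the updated GRUB image, so pair the package check with the reboot schedule. Where zypper is available, `zypper versioncmp` gives rpm's authoritative ordering if a release string ever contains letters or tildes that sort -V would rank differently.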