CVE-2024-56738

Опубликовано: 29 дек. 2024

Источник: debian

EPSS Низкий

Описание

GNU GRUB (aka GRUB2) through 2.12 does not use a constant-time algorithm for grub_crypto_memcmp and thus allows side-channel attacks.

Пакет	Статус	Релиз	Тип
grub2	unfixed		package
grub2	postponed	trixie	package
grub2	postponed	bookworm	package

EPSS

Процентиль: 32%

0.00166

Низкий

CVE-2024-56738

CVSS3: 5.3

ubuntu

11 месяцев назад

GNU GRUB (aka GRUB2) through 2.12 does not use a constant-time algorithm for grub_crypto_memcmp and thus allows side-channel attacks.

CVE-2024-56738

CVSS3: 6.5

redhat

11 месяцев назад

GNU GRUB (aka GRUB2) through 2.12 does not use a constant-time algorithm for grub_crypto_memcmp and thus allows side-channel attacks.

CVE-2024-56738

CVSS3: 5.3

nvd

11 месяцев назад

GNU GRUB (aka GRUB2) through 2.12 does not use a constant-time algorithm for grub_crypto_memcmp and thus allows side-channel attacks.

CVE-2024-56738

msrc

3 месяца назад

GNU GRUB (aka GRUB2) through 2.12 does not use a constant-time algorithm for grub_crypto_memcmp and thus allows side-channel attacks.

SUSE-SU-2025:02813-1

suse-cvrf

3 месяца назад

Recommended update for grub2

EPSS

Процентиль: 32%

0.00166

Низкий