GHSA-9gmj-v2m8-qffv

Опубликовано: 29 дек. 2024

Источник: github

Github: Не прошло ревью

CVSS3: 5.3

Описание

GNU GRUB (aka GRUB2) through 2.12 does not use a constant-time algorithm for grub_crypto_memcmp and thus allows side-channel attacks.

Ссылки

EPSS

Процентиль: 32%

0.00166

Низкий

5.3 Medium

CVSS3

CVE ID

CVE-2024-56738

Дефекты

CWE-208

Связанные уязвимости

CVE-2024-56738

CVSS3: 5.3

ubuntu

11 месяцев назад

GNU GRUB (aka GRUB2) through 2.12 does not use a constant-time algorithm for grub_crypto_memcmp and thus allows side-channel attacks.

CVE-2024-56738

CVSS3: 6.5

redhat

11 месяцев назад

GNU GRUB (aka GRUB2) through 2.12 does not use a constant-time algorithm for grub_crypto_memcmp and thus allows side-channel attacks.

CVE-2024-56738

CVSS3: 5.3

nvd

11 месяцев назад

GNU GRUB (aka GRUB2) through 2.12 does not use a constant-time algorithm for grub_crypto_memcmp and thus allows side-channel attacks.

CVE-2024-56738

msrc

3 месяца назад

GNU GRUB (aka GRUB2) through 2.12 does not use a constant-time algorithm for grub_crypto_memcmp and thus allows side-channel attacks.

CVE-2024-56738

CVSS3: 5.3

debian

11 месяцев назад

GNU GRUB (aka GRUB2) through 2.12 does not use a constant-time algorit ...

EPSS

Процентиль: 32%

0.00166

Низкий

5.3 Medium

CVSS3

CVE ID

CVE-2024-56738

Дефекты

CWE-208