Описание
Security update for grub2
This update for grub2 fixes the following issues:
- CVE-2024-56738: Fixed side-channel attack due to not constant-time algorithm in grub_crypto_memcmp (bsc#1234959)
Список пакетов
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5
grub2-2.02-190.1
grub2-i386-pc-2.02-190.1
grub2-snapper-plugin-2.02-190.1
grub2-systemd-sleep-plugin-2.02-190.1
grub2-x86_64-efi-2.02-190.1
grub2-x86_64-xen-2.02-190.1
Ссылки
- Link for SUSE-SU-2025:02725-1
- E-Mail link for SUSE-SU-2025:02725-1
- SUSE Security Ratings
- SUSE Bug 1234959
- SUSE CVE CVE-2024-56738 page
Описание
GNU GRUB (aka GRUB2) through 2.12 does not use a constant-time algorithm for grub_crypto_memcmp and thus allows side-channel attacks.
Затронутые продукты
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:grub2-2.02-190.1
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:grub2-i386-pc-2.02-190.1
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:grub2-snapper-plugin-2.02-190.1
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:grub2-systemd-sleep-plugin-2.02-190.1
Ссылки
- CVE-2024-56738
- SUSE Bug 1234959