Описание
Recommended update for grub2
This update for grub2 fixes the following issues:
- CVE-2024-56738: Fixed side-channel attack due to not constant-time algorithm in grub_crypto_memcmp (bsc#1234959)
Other fixes:
- Fix test -f and -s do not work properly over the network files served via tftp and http (bsc#1246157, bsc#1246237)
- Skip mount point in grub_find_device function (bsc#1246231)
Список пакетов
SUSE Linux Enterprise Module for Basesystem 15 SP7
grub2-2.12-150700.19.13.2
grub2-arm64-efi-2.12-150700.19.13.2
grub2-i386-pc-2.12-150700.19.13.2
grub2-powerpc-ieee1275-2.12-150700.19.13.2
grub2-s390x-emu-2.12-150700.19.13.2
grub2-snapper-plugin-2.12-150700.19.13.2
grub2-systemd-sleep-plugin-2.12-150700.19.13.2
grub2-x86_64-efi-2.12-150700.19.13.2
SUSE Linux Enterprise Module for Server Applications 15 SP7
grub2-x86_64-xen-2.12-150700.19.13.2
Ссылки
- Link for SUSE-SU-2025:02813-1
- E-Mail link for SUSE-SU-2025:02813-1
- SUSE Security Ratings
- SUSE Bug 1234959
- SUSE Bug 1246157
- SUSE Bug 1246231
- SUSE Bug 1246237
- SUSE CVE CVE-2024-56738 page
Описание
GNU GRUB (aka GRUB2) through 2.12 does not use a constant-time algorithm for grub_crypto_memcmp and thus allows side-channel attacks.
Затронутые продукты
SUSE Linux Enterprise Module for Basesystem 15 SP7:grub2-2.12-150700.19.13.2
SUSE Linux Enterprise Module for Basesystem 15 SP7:grub2-arm64-efi-2.12-150700.19.13.2
SUSE Linux Enterprise Module for Basesystem 15 SP7:grub2-i386-pc-2.12-150700.19.13.2
SUSE Linux Enterprise Module for Basesystem 15 SP7:grub2-powerpc-ieee1275-2.12-150700.19.13.2
Ссылки
- CVE-2024-56738
- SUSE Bug 1234959