๐Ÿ” CVE Alert

CVE-2024-56738

MEDIUM 5.3
CVSS Score
5.3
EPSS Score
0.0%
EPSS Percentile
0th

GNU GRUB (aka GRUB2) through 2.12 does not use a constant-time algorithm for grub_crypto_memcmp and thus allows side-channel attacks.

CWE CWE-208
Vendor gnu
Product grub2
Published Dec 29, 2024
Last Updated Dec 31, 2024
Stay Ahead of the Next One

Get instant alerts for gnu grub2

Be the first to know when new medium vulnerabilities affecting gnu grub2 are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

GNU / GRUB2
2.00 โ‰ค 2.12

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
savannah.gnu.org: https://savannah.gnu.org/bugs/?66603