9 matches found
EulerOS Virtualization 2.10.0 : grub2 (EulerOS-SA-2026-1170)
According to the versions of the grub2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : GNU GRUB aka GRUB2 through 2.12 does not use a constant-time algorithm for grub_crypto_memcmp and thus allows side-channel...
MiracleLinux 9 : grub2-2.06-104.el9_6.ML.1 (AXSA:2025-10402:07)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10402:07 advisory. grub2: reader/jpeg: Heap OOB Write during JPEG parsing CVE-2024-45774 grub2: commands/extcmd: Missing check for failed allocation CVE-2024-45775...
EulerOS Virtualization 2.13.0 : grub2 (EulerOS-SA-2025-2577)
According to the versions of the grub2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : GNU GRUB aka GRUB2 through 2.12 has a heap-based buffer overflow in fs/hfs.c via crafted sblock data in an HFS...
SUSE SLED15: grub2 / grub2-arm64-efi / grub2-arm64-efi-debug / etc (SUSE-SU-2025:4196-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:4196-1 advisory. - CVE-2025-54770: Fixed missing unregister call for net_set_vlan command may lead to use-after-fre...
EulerOS 2.0 SP13 : grub2 (EulerOS-SA-2025-2261)
According to the versions of the grub2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : GNU GRUB aka GRUB2 through 2.12 has a heap-based buffer overflow in fs/hfs.c via crafted sblock data in an HFS filesystem. CVE-2024-56737 GNU GRUB a...
AlmaLinux 10 : grub2 (ALSA-2025:16154)
The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:16154 advisory. grub2: grub-core/gettext: Integer overflow leads to Heap OOB Write and Read. CVE-2024-45776 grub2: fs/ufs: OOB write in the heap CVE-2024-45781 grub2:...
RockyLinux 10 : grub2 (RLSA-2025:16154)
The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:16154 advisory. grub2: grub-core/gettext: Integer overflow leads to Heap OOB Write and Read. CVE-2024-45776 grub2: fs/ufs: OOB write in the heap CVE-2024-45781 grub2:...
Vulnerabilities fixed in GRUB2
Researchers have found multiple vulnerabilities in GRUB2. The vulnerability with reference CVE-2020-10713 has been named "Boothole." This vulnerability allows a malicious person with physical access to the system or a malicious person with administrator privileges able to execute...
USN-4432-1 grub2, grub2-signed vulnerabilities
Jesse Michael and Mickey Shkatov discovered that the configuration parser in GRUB2 did not properly exit when errors were discovered, resulting in heap-based buffer overflows. A local attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. CVE-2020-10713 Chris...