GNU GRUB (aka GRUB2) through 2.12 does not use a constant-time algorithm for grub_crypto_memcmp and thus allows side-channel attacks.
                
References

| Link | Resource |
|---|---|
| https://savannah.gnu.org/bugs/?66603 | Issue Tracking, Third Party Advisory |

Configurations

History

24 Jun 2025, 00:29

| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://savannah.gnu.org/bugs/?66603 - Issue Tracking, Third Party Advisory | |
| CWE | CWE-203 | |
| CPE | cpe:2.3:a:gnu:grub2:*:*:*:*:*:*:*:* | |
| First Time | Gnu grub2 Gnu | 

31 Dec 2024, 19:15

| Type | Values Removed | Values Added |
|---|---|---|
| CVSS | v2 : v3 : | v2 : unknown v3 : 5.3 |
| Summary | | |

29 Dec 2024, 07:15

| Type | Values Removed | Values Added |
|---|---|---|
| New CVE | | |

Information

Published : 2024-12-29 07:15
Updated : 2025-06-24 00:29
NVD link : CVE-2024-56738
Mitre link : CVE-2024-56738
CVE.ORG link : CVE-2024-56738

Products Affected

gnu
- grub2
