grub2 (SUSE:Linux Enterprise Module for Basesystem 15 SP7) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Module for Basesystem 15 SP7 package grub2, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (8)
CVE-2025-61662 — CVSS 7.8 (high): A Use-After-Free vulnerability has been discovered in GRUB's gettext module. This flaw stems from a programming error where the gettext…
CVE-2025-4382 — CVSS 5.9 (medium): A flaw was found in systems utilizing LUKS-encrypted disks with GRUB configured for TPM-based auto-decryption. When GRUB is set to…
CVE-2024-56738 — CVSS 5.3 (medium): GNU GRUB (aka GRUB2) through 2.12 does not use a constant-time algorithm for grub_crypto_memcmp and thus allows side-channel attacks.
CVE-2025-61663 — CVSS 4.9 (medium): A vulnerability has been identified in the GRUB2 bootloader's normal command that poses an immediate Denial of Service (DoS) risk. This…
CVE-2025-61664 — CVSS 4.9 (medium): A vulnerability in the GRUB2 bootloader has been identified in the normal module. This flaw, a memory Use After Free issue, occurs because…
CVE-2025-54770 — CVSS 4.9 (medium): A vulnerability has been identified in the GRUB2 bootloader's network module that poses an immediate Denial of Service (DoS) risk. This…
CVE-2025-54771 — CVSS 4.9 (medium): A use-after-free vulnerability has been identified in the GNU GRUB (Grand Unified Bootloader). The flaw occurs because the file-closing…
CVE-2025-61661 — CVSS 4.8 (medium): A vulnerability has been identified in the GRUB (Grand Unified Bootloader) component. This flaw occurs because the bootloader mishandles…