
SUSE: grub2 Important Security Fixes Advisory 2025:21223-1

suse
December 18, 2025
An important security update for grub2 addresses multiple vulnerabilities with fixes available now. Review for installation.
An update that solves seven vulnerabilities and has seven fixes can now be installed.

Summary

This update for grub2 fixes the following issues:

Changes in grub2:

* CVE-2025-54771: Fixed grub_file_close() not properly controlling the fs refcount (bsc#1252931)
* CVE-2025-54770: Fixed missing unregister call for net_set_vlan command that may lead to use-after-free (bsc#1252930)
* CVE-2025-61662: Fixed missing unregister call for gettext command that may lead to use-after-free (bsc#1252933)
* CVE-2025-61663: Fixed missing unregister call for normal commands that may lead to use-after-free (bsc#1252934)
* CVE-2025-61664: Fixed missing unregister call for normal_exit command that may lead to use-after-free (bsc#1252935)
* CVE-2025-61661: Fixed out-of-bounds write in grub_usb_get_string() function (bsc#1252932)
* Bump upstream SBAT generation to 6

References

* bsc#1234959

* bsc#1245636

* bsc#1245738

* bsc#1245953

* bsc#1246231

* bsc#1247242

* bsc#1249088

* bsc#1249385

* bsc#1252930

* bsc#1252931

* bsc#1252932

* bsc#1252933

* bsc#1252934

* bsc#1252935

Cross-References

* CVE-2024-56738

* CVE-2025-54770

* CVE-2025-54771

* CVE-2025-61661

* CVE-2025-61662

* CVE-2025-61663

* CVE-2025-61664

CVSS scores:

* CVE-2024-56738 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

* CVE-2024-56738 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

* CVE-2024-56738 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

* CVE-2025-54770 ( SUSE ): 2.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

* CVE-2025-54770 ( SUSE ): 4.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Severity
important

Announcement ID: SUSE-SU-2025:21223-1
Release Date: 2025-12-15T12:50:52Z
Rating: important
