Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 734
Alerts This Week
Warning Icon 1 734

SUSE: Grub2 Moderate Advisory 2025:4152-1 for Use-After-Free Issues

suse
Calendar Grey November 21, 2025
Dist Suse Esm H88
SUSE's security update for grub2 addresses five key issues, ensuring stability and safety for users. Learn how to apply it!
* bsc#1252931 * bsc#1252932 * bsc#1252933 * bsc#1252934 * bsc#1252935

Summary

## This update for grub2 fixes the following issues: * CVE-2025-54771: Fixed rub_file_close() does not properly controls the fs refcount (bsc#1252931) * CVE-2025-61662: Fixed missing unregister call for gettext command may lead to use-after-free (bsc#1252933) * CVE-2025-61663: Fixed missing unregister call for normal commands may lead to use-after-free (bsc#1252934) * CVE-2025-61664: Fixed missing unregister call for normal_exit command may lead to use-after-free (bsc#1252935) * CVE-2025-61661: Fixed out-of-bounds write in grub_usb_get_string() function (bsc#1252932) Other fixes: * Bump upstream SBAT generation to 6 ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

References

* bsc#1252931

* bsc#1252932

* bsc#1252933

* bsc#1252934

* bsc#1252935

Cross-

* CVE-2025-54771

* CVE-2025-61661

* CVE-2025-61662

* CVE-2025-61663

* CVE-2025-61664

CVSS scores:

* CVE-2025-54771 ( SUSE ): 2.1

CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

* CVE-2025-54771 ( SUSE ): 4.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

* CVE-2025-54771 ( NVD ): 4.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

* CVE-2025-61661 ( SUSE ): 4.3

CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N

* CVE-2025-61661 ( SUSE ): 4.8 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H

* CVE-2025-61661 ( NVD ): 4.8 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H

* CVE-2025-61662 ( SUSE ): 2.1

CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Announcement ID: SUSE-SU-2025:4152-1
Release Date: 2025-11-21T09:10:40Z
Rating: moderate

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.