CVE-2024-56738

CVSS 5.3 - MEDIUM

Description

GNU GRUB (aka GRUB2) through 2.12 does not use a constant-time algorithm for grub_crypto_memcmp and thus allows side-channel attacks.

Affected Products

1

Vendor	Product	Version
gnu	grub2	`All versions`

References

https://savannah.gnu.org/bugs/?66603

Weakness Types

CWE-208 CWE-203

CVE Information

CVE ID:: CVE-2024-56738
Published:: 2024-12-29
Modified:: 2025-06-24
CVSS Score:: 5.3
Severity:: MEDIUM
Vector:: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected Vendors

gnu

Quick Actions

View on NVD Find Similar CVEs

CVSS Severity Scale

0.0 - 3.9 LOW

4.0 - 6.9 MEDIUM

7.0 - 8.9 HIGH

9.0 - 10.0 CRITICAL