SUSE-SU-2025:4152-1
- Source
- https://www.suse.com/support/update/announcement/2025/suse-su-20254152-1/
- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:4152-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/SUSE-SU-2025:4152-1
- Upstream
- Related
- Published
- 2025-11-21T09:10:39Z
- Modified
- 2026-02-04T04:00:32.371581Z
- Summary
- Security update for grub2
- Details
-
This update for grub2 fixes the following issues:
- CVE-2025-54771: Fixed rubfileclose() does not properly controls the fs refcount (bsc#1252931)
- CVE-2025-61662: Fixed missing unregister call for gettext command may lead to use-after-free (bsc#1252933)
- CVE-2025-61663: Fixed missing unregister call for normal commands may lead to use-after-free (bsc#1252934)
- CVE-2025-61664: Fixed missing unregister call for normal_exit command may lead to use-after-free (bsc#1252935)
- CVE-2025-61661: Fixed out-of-bounds write in grubusbget_string() function (bsc#1252932)
Other fixes:
- Bump upstream SBAT generation to 6
- References
-
- https://www.suse.com/support/update/announcement/2025/suse-su-20254152-1/
- https://bugzilla.suse.com/1252931
- https://bugzilla.suse.com/1252932
- https://bugzilla.suse.com/1252933
- https://bugzilla.suse.com/1252934
- https://bugzilla.suse.com/1252935
- https://www.suse.com/security/cve/CVE-2025-54771
- https://www.suse.com/security/cve/CVE-2025-61661
- https://www.suse.com/security/cve/CVE-2025-61662
- https://www.suse.com/security/cve/CVE-2025-61663
- https://www.suse.com/security/cve/CVE-2025-61664
Affected packages
SUSE:Linux Enterprise Micro 5.5 / grub2
Package
- Name
- grub2
- Purl
- pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Micro%205.5
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.06-150500.29.59.1
Ecosystem specific
{
"binaries": [
{
"grub2-x86_64-xen": "2.06-150500.29.59.1",
"grub2-x86_64-efi": "2.06-150500.29.59.1",
"grub2": "2.06-150500.29.59.1",
"grub2-powerpc-ieee1275": "2.06-150500.29.59.1",
"grub2-snapper-plugin": "2.06-150500.29.59.1",
"grub2-i386-pc": "2.06-150500.29.59.1",
"grub2-s390x-emu": "2.06-150500.29.59.1",
"grub2-arm64-efi": "2.06-150500.29.59.1"
}
]
}