grub2: backport GRUB2 security fixes for six CVEs #2

Merged
sbelikov merged 3 commits from cve-grub2-CVE-2024-45782-CVE-2024-56737-CVE-2025-0678 into niceos-5.2 2026-05-26 04:12:02 +03:00

Summary

Backport GRUB2 security fixes relevant to grub2 2.12-1 for the following CVEs:

  • CVE-2024-45782
  • CVE-2024-56737
  • CVE-2025-0678
  • CVE-2025-0689
  • CVE-2025-1125
  • CVE-2025-61662

Impact

These issues affect filesystem handlers and gettext module lifetime handling in GRUB2. Several of them can lead to heap corruption or use-after-free in the pre-boot environment, with potential secure-boot bypass impact.

Strategy

Use targeted backports into the existing 2.12 branch rather than a full major-version jump, unless downstream policy prefers a broader update path.

Validation

  • Rebuild the RPM set for all produced subpackages.
  • Verify EFI image generation and module packaging.
  • Run GRUB2 emulator and basic bootloader smoke tests.
  • Exercise safe filesystem parsing paths with benign test fixtures where available.
sbelikov merged commit 3dafdfa57f into niceos-5.2 2026-05-26 04:12:02 +03:00