File _patchinfo of Package patchinfo.41493

<patchinfo incident="41493">
  <issue tracker="cve" id="2025-61662"/>
  <issue tracker="cve" id="2025-54770"/>
  <issue tracker="cve" id="2025-61661"/>
  <issue tracker="cve" id="2025-61663"/>
  <issue tracker="cve" id="2025-54771"/>
  <issue tracker="cve" id="2025-61664"/>
  <issue tracker="bnc" id="1252932">VUL-0: EMBARGOED: CVE-2025-61661: grub2: Out-of-bounds write in grub_usb_get_string() function</issue>
  <issue tracker="bnc" id="1241132">[Build 84.1] [Migration] [Rollback] snapper rollback can't rollback to sles15sp4 after migration</issue>
  <issue tracker="bnc" id="1252933">VUL-0: EMBARGOED: CVE-2025-61662: grub2: Missing unregister call for gettext command may lead to use-after-free</issue>
  <issue tracker="bnc" id="1252931">VUL-0: EMBARGOED: CVE-2025-54771: grub2: grub_file_close() does not properly controls the fs refcount</issue>
  <issue tracker="bnc" id="1252930">VUL-0: EMBARGOED: CVE-2025-54770: grub2: Missing unregister call for net_set_vlan command may lead to use-after-free</issue>
  <issue tracker="bnc" id="1252934">VUL-0: EMBARGOED: CVE-2025-61663: grub2: Missing unregister call for normal commands may lead to use-after-free</issue>
  <issue tracker="bnc" id="1252935">VUL-0: EMBARGOED: CVE-2025-61664: grub2: Missing unregister call for normal_exit command may lead to use-after-free</issue>
  <issue tracker="bnc" id="1236744">Unable to install SLES due to out of memory failure (GRUB)</issue>
  <issue tracker="bnc" id="1252269">L3: SLES15 SP6 install boot fails with "Could not allocate memory for RTAS"  -  thread::VSmdwHVTIs64xFDlEjpgjys::</issue>
  <issue tracker="bnc" id="1245953">GRUB: Timeout when loading the initrd</issue>
  <packager>michael-chang</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for grub2</summary>
  <description>This update for grub2 fixes the following issues:

- CVE-2025-54770: Fixed missing unregister call for net_set_vlan command that may lead to use-after-free (bsc#1252930)
- CVE-2025-54771: Fixed grub_file_close() not properly controlling the fs refcount (bsc#1252931)
- CVE-2025-61661: Fixed out-of-bounds write in grub_usb_get_string() function (bsc#1252932)
- CVE-2025-61662: Fixed missing unregister call for gettext command that may lead to use-after-free (bsc#1252933)
- CVE-2025-61663: Fixed missing unregister call for normal commands that may lead to use-after-free (bsc#1252934)
- CVE-2025-61664: Fixed missing unregister call for normal_exit command that may lead to use-after-free (bsc#1252935)

Other fixes:

- Bump upstream SBAT generation to 6
- Fix timeout when loading initrd via http after PPC CAS reboot (bsc#1245953)
- Fix PPC CAS reboot failing to work when initiated via submenu (bsc#1241132)
- Fix out of memory issue on PowerPC by increasing RMA size (bsc#1236744, bsc#1252269)
</description>
</patchinfo>