GRUB2 Bootloader Security Update Advisory
Overview
We have released a security update to address vulnerabilities in the GRUB2 bootloader. Users of affected products are advised to update to the latest version.
Affected Products
CVE-2024-56737, CVE-2025-0678
GRUB2 versions prior to 2.12-6
Resolved Vulnerabilities
Heap Buffer Overflow Vulnerability (CVE-2024-56737)
Out-of-Bounds Write Vulnerability (CVE-2025-0678)
Vulnerability Patches
Patches for these vulnerabilities are available in the latest updates. Follow the instructions on the referenced sites to update to the latest patched version.
CVE-2024-56737, CVE-2025-0678
Check the referenced sites to perform the update
Debian [2][3], SUSE [4][5], Amazon Linux [6]
References
[1] GRUB2 Bootloader Vulnerability Security Update Advisory
https://www.boho.or.kr/kr/bbs/view.do?searchCnd=&bbsId=B0000133&searchWrd=&menuNo=205020&pageIndex=1&categoryCode=&nttId=71703
[2] CVE-2024-56737
https://security-tracker.debian.org/tracker/CVE-2024-56737
[3] CVE-2025-0678
https://security-tracker.debian.org/tracker/CVE-2025-0678
[4] CVE-2024-56737
https://www.suse.com/security/cve/CVE-2024-56737.html
[5] CVE-2025-0678
https://www.suse.com/security/cve/CVE-2025-0678.html
[6] CVE-2024-56737