Bugzilla – Bug 1176711
VUL-0: CVE-2020-25632: grub2: use-after-free in rmmod command
Last modified: 2021-09-23 18:46:55 UTC
embargo end was shifted to MARCH CRD: 2021-03-02
CRD: 2021-03-02 18:00UTC
issue is public now
SUSE-SU-2021:0685-1: An update that solves 7 vulnerabilities and has one errata is now available. Category: security (important) Bug References: 1175970,1176711,1177883,1179264,1179265,1182057,1182262,1182263 CVE References: CVE-2020-14372,CVE-2020-25632,CVE-2020-25647,CVE-2020-27749,CVE-2020-27779,CVE-2021-20225,CVE-2021-20233 JIRA References: Sources used: SUSE Linux Enterprise Server for SAP 15 (src): grub2-2.02-19.66.1 SUSE Linux Enterprise Server 15-LTSS (src): grub2-2.02-19.66.1 SUSE Linux Enterprise High Performance Computing 15-LTSS (src): grub2-2.02-19.66.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS (src): grub2-2.02-19.66.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:0681-1: An update that solves 7 vulnerabilities and has one errata is now available. Category: security (important) Bug References: 1175970,1176711,1177883,1179264,1179265,1182057,1182262,1182263 CVE References: CVE-2020-14372,CVE-2020-25632,CVE-2020-25647,CVE-2020-27749,CVE-2020-27779,CVE-2021-20225,CVE-2021-20233 JIRA References: Sources used: SUSE OpenStack Cloud Crowbar 9 (src): grub2-2.02-12.47.1 SUSE OpenStack Cloud 9 (src): grub2-2.02-12.47.1 SUSE Linux Enterprise Server for SAP 12-SP4 (src): grub2-2.02-12.47.1 SUSE Linux Enterprise Server 12-SP5 (src): grub2-2.02-12.47.1 SUSE Linux Enterprise Server 12-SP4-LTSS (src): grub2-2.02-12.47.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:0683-1: An update that solves 7 vulnerabilities and has one errata is now available. Category: security (important) Bug References: 1175970,1176711,1177883,1179264,1179265,1182057,1182262,1182263 CVE References: CVE-2020-14372,CVE-2020-25632,CVE-2020-25647,CVE-2020-27749,CVE-2020-27779,CVE-2021-20225,CVE-2021-20233 JIRA References: Sources used: SUSE Linux Enterprise Module for Server Applications 15-SP2 (src): grub2-2.04-9.34.1 SUSE Linux Enterprise Module for Basesystem 15-SP2 (src): grub2-2.04-9.34.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:0682-1: An update that solves 7 vulnerabilities and has one errata is now available. Category: security (important) Bug References: 1175970,1176711,1177883,1179264,1179265,1182057,1182262,1182263 CVE References: CVE-2020-14372,CVE-2020-25632,CVE-2020-25647,CVE-2020-27749,CVE-2020-27779,CVE-2021-20225,CVE-2021-20233 JIRA References: Sources used: SUSE OpenStack Cloud Crowbar 8 (src): grub2-2.02-4.69.1 SUSE OpenStack Cloud 8 (src): grub2-2.02-4.69.1 SUSE Linux Enterprise Server for SAP 12-SP3 (src): grub2-2.02-4.69.1 SUSE Linux Enterprise Server 12-SP3-LTSS (src): grub2-2.02-4.69.1 SUSE Linux Enterprise Server 12-SP3-BCL (src): grub2-2.02-4.69.1 HPE Helion Openstack 8 (src): grub2-2.02-4.69.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:0679-1: An update that solves 7 vulnerabilities and has one errata is now available. Category: security (important) Bug References: 1175970,1176711,1177883,1179264,1179265,1182057,1182262,1182263 CVE References: CVE-2020-14372,CVE-2020-25632,CVE-2020-25647,CVE-2020-27749,CVE-2020-27779,CVE-2021-20225,CVE-2021-20233 JIRA References: Sources used: SUSE OpenStack Cloud 7 (src): grub2-2.02-115.59.1 SUSE Linux Enterprise Server for SAP 12-SP2 (src): grub2-2.02-115.59.1 SUSE Linux Enterprise Server 12-SP2-LTSS (src): grub2-2.02-115.59.1 SUSE Linux Enterprise Server 12-SP2-BCL (src): grub2-2.02-115.59.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:14659-1: An update that fixes 8 vulnerabilities is now available. Category: security (important) Bug References: 1175970,1176711,1177883,1179264,1179265,1182057,1182262,1182263 CVE References: CVE-2017-9763,CVE-2020-14372,CVE-2020-25632,CVE-2020-25647,CVE-2020-27749,CVE-2020-27779,CVE-2021-20225,CVE-2021-20233 JIRA References: Sources used: SUSE Linux Enterprise Server 11-SP4-LTSS (src): grub2-2.02-0.66.26.1 SUSE Linux Enterprise Debuginfo 11-SP4 (src): grub2-2.02-0.66.26.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:0684-1: An update that solves 7 vulnerabilities and has one errata is now available. Category: security (important) Bug References: 1175970,1176711,1177883,1179264,1179265,1182057,1182262,1182263 CVE References: CVE-2020-14372,CVE-2020-25632,CVE-2020-25647,CVE-2020-27749,CVE-2020-27779,CVE-2021-20225,CVE-2021-20233 JIRA References: Sources used: SUSE Manager Server 4.0 (src): grub2-2.02-26.43.1 SUSE Manager Retail Branch Server 4.0 (src): grub2-2.02-26.43.1 SUSE Manager Proxy 4.0 (src): grub2-2.02-26.43.1 SUSE Linux Enterprise Server for SAP 15-SP1 (src): grub2-2.02-26.43.1 SUSE Linux Enterprise Server 15-SP1-LTSS (src): grub2-2.02-26.43.1 SUSE Linux Enterprise Server 15-SP1-BCL (src): grub2-2.02-26.43.1 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src): grub2-2.02-26.43.1 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src): grub2-2.02-26.43.1 SUSE Enterprise Storage 6 (src): grub2-2.02-26.43.1 SUSE CaaS Platform 4.0 (src): grub2-2.02-26.43.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-SU-2021:0462-1: An update that solves 7 vulnerabilities and has two fixes is now available. Category: security (important) Bug References: 1175970,1176711,1177883,1179264,1179265,1182057,1182262,1182263,1183073 CVE References: CVE-2020-14372,CVE-2020-25632,CVE-2020-25647,CVE-2020-27749,CVE-2020-27779,CVE-2021-20225,CVE-2021-20233 JIRA References: Sources used: openSUSE Leap 15.2 (src): grub2-2.04-lp152.7.22.7
Hi All, https://www.suse.com/security/cve/CVE-2020-25632 https://www.suse.com/security/cve/CVE-2020-25647 https://www.suse.com/security/cve/CVE-2020-27749 https://www.suse.com/security/cve/CVE-2020-27779 https://www.suse.com/security/cve/CVE-2020-14372 https://www.suse.com/security/cve/CVE-2021-20225 https://www.suse.com/security/cve/CVE-2021-20233 The CVE webpage does not record sles11sp3 related information, Does this grub2 vulnerability affect the sles11sp3 system,whether it is planned to be repaired? thank you very much. Thanks, Mengsu
SLES 11 SP3 LTSS is end of life. There are some contracts (which you probably have) on "reactive support" , but you need to request fixes sepreately. And we do not state affectedness for these proucts that have left regular LTSS.
(In reply to Marcus Meissner from comment #20) > SLES 11 SP3 LTSS寿命已尽。 > > 关于“反应式支持”,有一些合同(您可能已经签订了),但是您需要单独要求修复。 > > 而且,我们没有说明这些遗留常规LTSS的产品的影响。 Hello Marcus, Ok, thanks for the reply, I will apply for PTF repair separately. Thanks, Mengsu
released