CVE-2024-49504 HIGH

CVE-2024-49504: grub2 allows bypassing TPM-bound disk encryption on SL(E)M encrypted Images

Vendor Suse
Product openSUSE Tumbleweed
Published November 13, 2024
Last update November 13, 2024

CVSS base score

7.0/10
Attack vector Physical
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

grub2 allowed attackers with access to the grub shell to access files on the encrypted disks.

Key dates

02Disclosure timeline

November 13, 2024 CVE published
November 13, 2024 Record updated