What the vulnerability does

01Description

GNU GRUB (aka GRUB2) through 2.12 does not use a constant-time algorithm for grub_crypto_memcmp and thus allows side-channel attacks.

Key dates

02Disclosure timeline

December 29, 2024 CVE published
December 31, 2024 Record updated