Debian Package Tracker

grub2

GRand Unified Bootloader, version 2 (dummy package)

general
  • source: grub2 (main)
  • version: 2.14~git20250718.0e36779-2
  • maintainer: GRUB Maintainers (archive) (DMD)
  • uploaders: Jordi Mallach [DMD] – Julian Andres Klode [DMD] – Steve McIntyre [DMD] – Felix Zielcke [DMD] [DM] – Mate Kukri [DMD]
  • arch: any
  • std-ver: 3.9.6
  • VCS: Git (Browse, QA)
versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]
[pool directory]
  • o-o-stable: 2.06-3~deb11u6
  • o-o-sec: 2.06-3~deb11u6
  • o-o-upd: 2.06-3~deb11u2
  • oldstable: 2.06-13+deb12u1
  • old-sec: 2.06-13+deb12u1
  • old-bpo: 2.12-1~bpo12+1
  • stable: 2.12-9
  • testing: 2.14~git20250718.0e36779-2
  • unstable: 2.14~git20250718.0e36779-2
versioned links
  • 2.06-3~deb11u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 2.06-3~deb11u6: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 2.06-13+deb12u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 2.12-1~bpo12+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 2.12-9: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 2.14~git20250718.0e36779-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
binaries
  • grub-common (169 bugs: 0, 121, 48, 0)
  • grub-coreboot (1 bugs: 0, 0, 1, 0)
  • grub-coreboot-bin (1 bugs: 0, 1, 0, 0)
  • grub-coreboot-dbg
  • grub-efi (13 bugs: 0, 12, 1, 0)
  • grub-efi-amd64 (60 bugs: 4, 47, 9, 0)
  • grub-efi-amd64-bin (16 bugs: 0, 16, 0, 0)
  • grub-efi-amd64-dbg
  • grub-efi-amd64-signed-template
  • grub-efi-amd64-unsigned
  • grub-efi-arm (2 bugs: 0, 2, 0, 0)
  • grub-efi-arm-bin
  • grub-efi-arm-dbg
  • grub-efi-arm-unsigned
  • grub-efi-arm64 (5 bugs: 1, 4, 0, 0)
  • grub-efi-arm64-bin (1 bugs: 0, 1, 0, 0)
  • grub-efi-arm64-dbg
  • grub-efi-arm64-signed-template
  • grub-efi-arm64-unsigned
  • grub-efi-ia32 (5 bugs: 0, 4, 1, 0)
  • grub-efi-ia32-bin
  • grub-efi-ia32-dbg
  • grub-efi-ia32-signed-template
  • grub-efi-ia32-unsigned
  • grub-efi-loong64
  • grub-efi-loong64-bin
  • grub-efi-loong64-dbg
  • grub-efi-loong64-unsigned
  • grub-efi-riscv64
  • grub-efi-riscv64-bin
  • grub-efi-riscv64-dbg
  • grub-efi-riscv64-unsigned (1 bugs: 0, 1, 0, 0)
  • grub-emu
  • grub-emu-dbg
  • grub-firmware-qemu
  • grub-ieee1275 (7 bugs: 0, 6, 1, 0)
  • grub-ieee1275-bin (1 bugs: 0, 1, 0, 0)
  • grub-ieee1275-dbg
  • grub-linuxbios
  • grub-mount-udeb
  • grub-pc (258 bugs: 1, 205, 52, 0)
  • grub-pc-bin (7 bugs: 0, 6, 1, 0)
  • grub-pc-dbg
  • grub-rescue-pc (3 bugs: 0, 1, 2, 0)
  • grub-theme-starfield
  • grub-uboot (1 bugs: 0, 1, 0, 0)
  • grub-uboot-bin
  • grub-uboot-dbg
  • grub-xen (4 bugs: 0, 2, 2, 0)
  • grub-xen-bin
  • grub-xen-dbg
  • grub-xen-host (6 bugs: 0, 6, 0, 0)
  • grub2 (70 bugs: 0, 49, 21, 0)
  • grub2-common (70 bugs: 0, 47, 23, 0)
action needed
A new upstream version is available: 2.14 high
A new upstream version 2.14 is available, you should consider packaging it.
Created: 2026-01-18 Last update: 2026-01-31 10:01
lintian reports 453 errors and 170 warnings high
Lintian reports 453 errors and 170 warnings about this package. You should make the package lintian clean by getting rid of them.
Created: 2026-01-16 Last update: 2026-01-16 06:00
Standards version of the package is outdated. high
The package is severely out of date with respect to the Debian Policy. The package should be updated to follow the latest version of Debian Policy (Standards-Version 4.7.3 instead of 3.9.6).
Created: 2016-02-06 Last update: 2025-12-23 20:00
7 security issues in sid high

There are 7 open security issues in sid.

7 important issues:
  • CVE-2024-56738: GNU GRUB (aka GRUB2) through 2.12 does not use a constant-time algorithm for grub_crypto_memcmp and thus allows side-channel attacks.
  • CVE-2025-54770: A vulnerability has been identified in the GRUB2 bootloader's network module that poses an immediate Denial of Service (DoS) risk. This flaw is a Use-after-Free issue, caused because the net_set_vlan command is not properly unregistered when the network module is unloaded from memory. An attacker who can execute this command can force the system to access memory locations that are no longer valid. Successful exploitation leads directly to system instability, which can result in a complete crash and halt system availability.
  • CVE-2025-54771: A use-after-free vulnerability has been identified in the GNU GRUB (Grand Unified Bootloader). The flaw occurs because the file-closing process incorrectly retains a memory pointer, leaving an invalid reference to a file system structure. An attacker could exploit this vulnerability to cause grub to crash, leading to a Denial of Service. Possible data integrity or confidentiality compromise is not discarded.
  • CVE-2025-61661: A vulnerability has been identified in the GRUB (Grand Unified Bootloader) component. This flaw occurs because the bootloader mishandles string conversion when reading information from a USB device, allowing an attacker to exploit inconsistent length values. A local attacker can connect a maliciously configured USB device during the boot sequence to trigger this issue. A successful exploitation may lead GRUB to crash, leading to a Denial of Service. Data corruption may be also possible, although given the complexity of the exploit the impact is most likely limited.
  • CVE-2025-61662: A Use-After-Free vulnerability has been discovered in GRUB's gettext module. This flaw stems from a programming error where the gettext command remains registered in memory after its module is unloaded. An attacker can exploit this condition by invoking the orphaned command, causing the application to access a memory location that is no longer valid. An attacker could exploit this vulnerability to cause grub to crash, leading to a Denial of Service. Possible data integrity or confidentiality compromise is not discarded.
  • CVE-2025-61663: A vulnerability has been identified in the GRUB2 bootloader's normal command that poses an immediate Denial of Service (DoS) risk. This flaw is a Use-after-Free issue, caused because the normal command is not properly unregistered when the module is unloaded. An attacker who can execute this command can force the system to access memory locations that are no longer valid. Successful exploitation leads directly to system instability, which can result in a complete crash and halt system availability. Impact on the data integrity and confidentiality is also not discarded.
  • CVE-2025-61664: A vulnerability in the GRUB2 bootloader has been identified in the normal module. This flaw, a memory Use After Free issue, occurs because the normal_exit command is not properly unregistered when its related module is unloaded. An attacker can exploit this condition by invoking the command after the module has been removed, causing the system to improperly access a previously freed memory location. This leads to a system crash or possible impacts in data confidentiality and integrity.
Created: 2024-12-20 Last update: 2025-12-04 12:03
7 security issues in forky high

There are 7 open security issues in forky.

7 important issues:
  • CVE-2024-56738: GNU GRUB (aka GRUB2) through 2.12 does not use a constant-time algorithm for grub_crypto_memcmp and thus allows side-channel attacks.
  • CVE-2025-54770: A vulnerability has been identified in the GRUB2 bootloader's network module that poses an immediate Denial of Service (DoS) risk. This flaw is a Use-after-Free issue, caused because the net_set_vlan command is not properly unregistered when the network module is unloaded from memory. An attacker who can execute this command can force the system to access memory locations that are no longer valid. Successful exploitation leads directly to system instability, which can result in a complete crash and halt system availability.
  • CVE-2025-54771: A use-after-free vulnerability has been identified in the GNU GRUB (Grand Unified Bootloader). The flaw occurs because the file-closing process incorrectly retains a memory pointer, leaving an invalid reference to a file system structure. An attacker could exploit this vulnerability to cause grub to crash, leading to a Denial of Service. Possible data integrity or confidentiality compromise is not discarded.
  • CVE-2025-61661: A vulnerability has been identified in the GRUB (Grand Unified Bootloader) component. This flaw occurs because the bootloader mishandles string conversion when reading information from a USB device, allowing an attacker to exploit inconsistent length values. A local attacker can connect a maliciously configured USB device during the boot sequence to trigger this issue. A successful exploitation may lead GRUB to crash, leading to a Denial of Service. Data corruption may be also possible, although given the complexity of the exploit the impact is most likely limited.
  • CVE-2025-61662: A Use-After-Free vulnerability has been discovered in GRUB's gettext module. This flaw stems from a programming error where the gettext command remains registered in memory after its module is unloaded. An attacker can exploit this condition by invoking the orphaned command, causing the application to access a memory location that is no longer valid. An attacker could exploit this vulnerability to cause grub to crash, leading to a Denial of Service. Possible data integrity or confidentiality compromise is not discarded.
  • CVE-2025-61663: A vulnerability has been identified in the GRUB2 bootloader's normal command that poses an immediate Denial of Service (DoS) risk. This flaw is a Use-after-Free issue, caused because the normal command is not properly unregistered when the module is unloaded. An attacker who can execute this command can force the system to access memory locations that are no longer valid. Successful exploitation leads directly to system instability, which can result in a complete crash and halt system availability. Impact on the data integrity and confidentiality is also not discarded.
  • CVE-2025-61664: A vulnerability in the GRUB2 bootloader has been identified in the normal module. This flaw, a memory Use After Free issue, occurs because the normal_exit command is not properly unregistered when its related module is unloaded. An attacker can exploit this condition by invoking the command after the module has been removed, causing the system to improperly access a previously freed memory location. This leads to a system crash or possible impacts in data confidentiality and integrity.
Created: 2025-08-09 Last update: 2025-12-04 12:03
31 security issues in bullseye high

There are 31 open security issues in bullseye.

30 important issues:
  • CVE-2025-0622: A flaw was found in command/gpg. In some scenarios, hooks created by loaded modules are not removed when the related module is unloaded. This flaw allows an attacker to force grub2 to call the hooks once the module that registered it was unloaded, leading to a use-after-free vulnerability. If correctly exploited, this vulnerability may result in arbitrary code execution, eventually allowing the attacker to bypass secure boot protections.
  • CVE-2025-0624: A flaw was found in grub2. During the network boot process, when trying to search for the configuration file, grub copies data from a user controlled environment variable into an internal buffer using the grub_strcpy() function. During this step, it fails to consider the environment variable length when allocating the internal buffer, resulting in an out-of-bounds write. If correctly exploited, this issue may result in remote code execution through the same network segment grub is searching for the boot information, which can be used to by-pass secure boot protections.
  • CVE-2025-0677: A flaw was found in grub2. When performing a symlink lookup, the grub's UFS module checks the inode's data size to allocate the internal buffer to read the file content, however, it fails to check if the symlink data size has overflown. When this occurs, grub_malloc() may be called with a smaller value than needed. When further reading the data from the disk into the buffer, the grub_ufs_lookup_symlink() function will write past the end of the allocated size. An attack can leverage this by crafting a malicious filesystem, and as a result, it will corrupt data stored in the heap, allowing for arbitrary code execution used to by-pass secure boot mechanisms.
  • CVE-2025-0678: A flaw was found in grub2. When reading data from a squash4 filesystem, grub's squash4 fs module uses user-controlled parameters from the filesystem geometry to determine the internal buffer size, however, it improperly checks for integer overflows. A maliciously crafted filesystem may lead some of those buffer size calculations to overflow, causing it to perform a grub_malloc() operation with a smaller size than expected. As a result, the direct_read() will perform a heap based out-of-bounds write during data reading. This flaw may be leveraged to corrupt grub's internal critical data and may result in arbitrary code execution, by-passing secure boot protections.
  • CVE-2025-0684: A flaw was found in grub2. When performing a symlink lookup from a reiserfs filesystem, grub's reiserfs fs module uses user-controlled parameters from the filesystem geometry to determine the internal buffer size, however, it improperly checks for integer overflows. A maliciously crafted filesystem may lead some of those buffer size calculations to overflow, causing it to perform a grub_malloc() operation with a smaller size than expected. As a result, the grub_reiserfs_read_symlink() will call grub_reiserfs_read_real() with an overflowed length parameter, leading to a heap based out-of-bounds write during data reading. This flaw may be leveraged to corrupt grub's internal critical data and can result in arbitrary code execution, by-passing secure boot protections.
  • CVE-2025-0685: A flaw was found in grub2. When reading data from a jfs filesystem, grub's jfs filesystem module uses user-controlled parameters from the filesystem geometry to determine the internal buffer size, however, it improperly checks for integer overflows. A maliciously crafted filesystem may lead some of those buffer size calculations to overflow, causing it to perform a grub_malloc() operation with a smaller size than expected. As a result, the grub_jfs_lookup_symlink() function will write past the internal buffer length during grub_jfs_read_file(). This issue can be leveraged to corrupt grub's internal critical data and may result in arbitrary code execution, by-passing secure boot protections.
  • CVE-2025-0686: A flaw was found in grub2. When performing a symlink lookup from a romfs filesystem, grub's romfs filesystem module uses user-controlled parameters from the filesystem geometry to determine the internal buffer size, however, it improperly checks for integer overflows. A maliciously crafted filesystem may lead some of those buffer size calculations to overflow, causing it to perform a grub_malloc() operation with a smaller size than expected. As a result, the grub_romfs_read_symlink() may cause out-of-bounds writes when calling the grub_disk_read() function. This issue may be leveraged to corrupt grub's internal critical data and can result in arbitrary code execution by-passing secure boot protections.
  • CVE-2025-0689: When reading data from disk, grub's UDF filesystem module utilizes the user controlled data length metadata to allocate its internal buffers. In certain scenarios, while iterating through disk sectors, it assumes the read size from the disk is always smaller than the allocated buffer size, which is not guaranteed. A crafted filesystem image may lead to a heap-based buffer overflow resulting in critical data being corrupted, resulting in the risk of arbitrary code execution by-passing secure boot protections.
  • CVE-2025-0690: The read command is used to read the keyboard input from the user; while reading, it keeps the input length in a 32-bit integer value which is further used to reallocate the line buffer to accept the next character. During this process, with a line big enough it's possible to make this variable overflow, leading to an out-of-bounds write in the heap based buffer. This flaw may be leveraged to corrupt grub's internal critical data and secure boot bypass is not discarded as consequence.
  • CVE-2025-1118: A flaw was found in grub2. Grub's dump command is not blocked when grub is in lockdown mode, which allows the user to read any memory information, and an attacker may leverage this in order to extract signatures, salts, and other sensitive information from the memory.
  • CVE-2025-1125: When reading data from a hfs filesystem, grub's hfs filesystem module uses user-controlled parameters from the filesystem metadata to calculate the internal buffers size, however it fails to properly check for integer overflows. A maliciously crafted filesystem may lead some of those buffer size calculations to overflow, causing it to perform a grub_malloc() operation with a smaller size than expected. As a result the hfsplus_open_compressed_real() function will write past the end of the internal buffer. This flaw may be leveraged to corrupt grub's internal critical data and may result in arbitrary code execution by-passing secure boot protections.
  • CVE-2025-4382: A flaw was found in systems utilizing LUKS-encrypted disks with GRUB configured for TPM-based auto-decryption. When GRUB is set to automatically decrypt disks using keys stored in the TPM, it reads the decryption key into system memory. If an attacker with physical access can corrupt the underlying filesystem superblock, GRUB will fail to locate a valid filesystem and enter rescue mode. At this point, the disk is already decrypted, and the decryption key remains loaded in system memory. This scenario may allow an attacker with physical access to access the unencrypted data without any further authentication, thereby compromising data confidentiality. Furthermore, the ability to force this state through filesystem corruption also presents a data integrity concern.
  • CVE-2024-45774: A flaw was found in grub2. A specially crafted JPEG file can cause the JPEG parser of grub2 to incorrectly check the bounds of its internal buffers, resulting in an out-of-bounds write. The possibility of overwriting sensitive information to bypass secure boot protections is not discarded.
  • CVE-2024-45775: A flaw was found in grub2 where the grub_extcmd_dispatcher() function calls grub_arg_list_alloc() to allocate memory for the grub's argument list. However, it fails to check in case the memory allocation fails. Once the allocation fails, a NULL pointer will be processed by the parse_option() function, leading grub to crash or, in some rare scenarios, corrupt the IVT data.
  • CVE-2024-45776: When reading the language .mo file in grub_mofile_open(), grub2 fails to check for an integer overflow when allocating its internal buffer. A crafted .mo file may lead the buffer size calculation to overflow, leading to out-of-bound reads and writes. This flaw allows an attacker to leak sensitive data or overwrite critical data, possibly circumventing secure boot protections.
  • CVE-2024-45777: A flaw was found in grub2. The calculation of the translation buffer when reading a language .mo file in grub_gettext_getstr_from_position() may overflow, leading to an out-of-bounds write. This issue can be leveraged by an attacker to overwrite grub2's sensitive heap data, eventually leading to the circumvention of secure boot protections.
  • CVE-2024-45778: A stack overflow flaw was found when reading a BFS file system. A crafted BFS filesystem may lead to an uncontrolled loop, causing grub2 to crash.
  • CVE-2024-45779: An integer overflow flaw was found in the BFS file system driver in grub2. When reading a file with an indirect extent map, grub2 fails to validate the number of extent entries to be read. A crafted or corrupted BFS filesystem may cause an integer overflow during the file reading, leading to a heap out-of-bounds read. As a consequence, sensitive data may be leaked, or grub2 will crash.
  • CVE-2024-45780: A flaw was found in grub2. When reading tar files, grub2 allocates an internal buffer for the file name. However, it fails to properly verify the allocation against possible integer overflows. It's possible to cause the allocation length to overflow with a crafted tar file, leading to a heap out-of-bounds write. This flaw eventually allows an attacker to circumvent secure boot protections.
  • CVE-2024-45781: A flaw was found in grub2. When reading a symbolic link's name from a UFS filesystem, grub2 fails to validate the string length taken as an input. The lack of validation may lead to a heap out-of-bounds write, causing data integrity issues and eventually allowing an attacker to circumvent secure boot protections.
  • CVE-2024-45782: A flaw was found in the HFS filesystem. When reading an HFS volume's name at grub_fs_mount(), the HFS filesystem driver performs a strcpy() using the user-provided volume name as input without properly validating the volume name's length. This issue may lead to a heap-based out-of-bounds write, impacting grub's sensitive data integrity and eventually leading to a secure boot protection bypass.
  • CVE-2024-45783: A flaw was found in grub2. When failing to mount an HFS+ filesystem, the hfsplus filesystem driver doesn't properly set an ERRNO value. This issue may lead to a NULL pointer access.
  • CVE-2024-56737: GNU GRUB (aka GRUB2) through 2.12 has a heap-based buffer overflow in fs/hfs.c via crafted sblock data in an HFS filesystem.
  • CVE-2024-56738: GNU GRUB (aka GRUB2) through 2.12 does not use a constant-time algorithm for grub_crypto_memcmp and thus allows side-channel attacks.
  • CVE-2025-54770: A vulnerability has been identified in the GRUB2 bootloader's network module that poses an immediate Denial of Service (DoS) risk. This flaw is a Use-after-Free issue, caused because the net_set_vlan command is not properly unregistered when the network module is unloaded from memory. An attacker who can execute this command can force the system to access memory locations that are no longer valid. Successful exploitation leads directly to system instability, which can result in a complete crash and halt system availability.
  • CVE-2025-54771: A use-after-free vulnerability has been identified in the GNU GRUB (Grand Unified Bootloader). The flaw occurs because the file-closing process incorrectly retains a memory pointer, leaving an invalid reference to a file system structure. An attacker could exploit this vulnerability to cause grub to crash, leading to a Denial of Service. Possible data integrity or confidentiality compromise is not discarded.
  • CVE-2025-61661: A vulnerability has been identified in the GRUB (Grand Unified Bootloader) component. This flaw occurs because the bootloader mishandles string conversion when reading information from a USB device, allowing an attacker to exploit inconsistent length values. A local attacker can connect a maliciously configured USB device during the boot sequence to trigger this issue. A successful exploitation may lead GRUB to crash, leading to a Denial of Service. Data corruption may be also possible, although given the complexity of the exploit the impact is most likely limited.
  • CVE-2025-61662: A Use-After-Free vulnerability has been discovered in GRUB's gettext module. This flaw stems from a programming error where the gettext command remains registered in memory after its module is unloaded. An attacker can exploit this condition by invoking the orphaned command, causing the application to access a memory location that is no longer valid. An attacker could exploit this vulnerability to cause grub to crash, leading to a Denial of Service. Possible data integrity or confidentiality compromise is not discarded.
  • CVE-2025-61663: A vulnerability has been identified in the GRUB2 bootloader's normal command that poses an immediate Denial of Service (DoS) risk. This flaw is a Use-after-Free issue, caused because the normal command is not properly unregistered when the module is unloaded. An attacker who can execute this command can force the system to access memory locations that are no longer valid. Successful exploitation leads directly to system instability, which can result in a complete crash and halt system availability. Impact on the data integrity and confidentiality is also not discarded.
  • CVE-2025-61664: A vulnerability in the GRUB2 bootloader has been identified in the normal module. This flaw, a memory Use After Free issue, occurs because the normal_exit command is not properly unregistered when its related module is unloaded. An attacker can exploit this condition by invoking the command after the module has been removed, causing the system to improperly access a previously freed memory location. This leads to a system crash or possible impacts in data confidentiality and integrity.
1 issue postponed or untriaged:
  • CVE-2021-3981: (needs triaging) A flaw in grub2 was found where its configuration file, known as grub.cfg, is being created with the wrong permission set allowing non privileged users to read its content. This represents a low severity confidentiality issue, as those users can eventually read any encrypted passwords present in grub.cfg. This flaw affects grub2 2.06 and previous versions. This issue has been fixed in grub upstream but no version with the fix is currently released.
Created: 2024-12-20 Last update: 2025-12-04 12:03
debian/patches: 2 patches with invalid metadata, 58 patches to forward upstream high

Among the 68 debian patches available in version 2.14~git20250718.0e36779-2 of the package, we noticed the following issues:

  • 2 patches with invalid metadata that ought to be fixed.
  • 58 patches where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.
Created: 2023-02-26 Last update: 2025-11-02 22:00
61 bugs tagged patch in the BTS normal
The BTS contains patches fixing 61 bugs (75 if counting merged bugs), consider including or untagging them.
Created: 2025-01-06 Last update: 2026-01-31 15:00
Fails to build during reproducibility testing normal
A package building reproducibly enables third parties to verify that the source matches the distributed binaries. It has been identified that this source package produced different results, failed to build or had other issues in a test environment. Please read about how to improve the situation!
Created: 2022-09-24 Last update: 2026-01-31 09:02
version in VCS is newer than in repository, is it time to upload? normal
vcswatch reports that this package seems to have a new changelog entry (version 2.14-1, distribution UNRELEASED) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:
commit e369204e2c3a1dd3a385090c9f999cfafe3a88e6
Author: Mate Kukri <mate.kukri@canonical.com>
Date:   Tue Jan 27 16:04:07 2026 +0000

    Update changelog

commit ecd605badbe2d2388e78bf8816b1f6ff319ef03b
Author: Mate Kukri <mate.kukri@canonical.com>
Date:   Tue Jan 27 15:02:52 2026 +0000

    d/rules: Remove iso9660_test from XFAIL_TESTS
    
    This test is passing now, it seems like it does not need root.

commit 42a54f36061d025190534fb84fcace6bd44766e9
Author: Mate Kukri <mate.kukri@canonical.com>
Date:   Tue Jan 27 12:02:27 2026 +0000

    d/rules: Add zfs_zstd_test to XFAIL_TESTS
    
    Like all other FS tests, this is not able to run in the build
    environment.

commit bfc133635103d0a59417ab297ad05d6f6436ea2c
Author: Mate Kukri <mate.kukri@canonical.com>
Date:   Tue Jan 27 11:32:23 2026 +0000

    d/p: Do not use --image-base for linking, unbreak grub-pc

commit b5965bdbc7ec6f5c7ef117add32a075f74a5aad6
Author: Mate Kukri <mate.kukri@canonical.com>
Date:   Tue Jan 27 11:42:08 2026 +0000

    d/p: Do not check for autoconf-archive, the check is broken

commit fc0302c52423258a9a68cfde32ce588748cda4eb
Merge: de5c70ab 62ae9609
Author: Mate Kukri <mate.kukri@canonical.com>
Date:   Mon Jan 26 18:02:36 2026 +0000

    Merge branch 'arraybolt3/disable-ntldr-img' into 'master'
    
    Disable grub-extras/ntldr-img
    
    See merge request grub-team/grub!87

commit 62ae9609a279d0d5f32950e5ba6a895cc68916c8
Author: Aaron Rainbolt <arraybolt3@gmail.com>
Date:   Mon Jan 26 12:02:35 2026 -0600

    Disable grub-extras/ntldr-img

commit de5c70ab58de8c3e6f1ed7edf8f7380b9051efa6
Author: Mate Kukri <mate.kukri@canonical.com>
Date:   Mon Jan 26 17:46:21 2026 +0000

    d/control: Add autoconf-archive to build depends

commit d3fb99ef3af277b90f0a3a5770a4725e28ea6cea
Author: Mate Kukri <mate.kukri@canonical.com>
Date:   Mon Jan 26 17:38:20 2026 +0000

    Rebase patches on new upstream 2.14 release

commit df95348569b312ae25f21906ac177f9e66a6df5d
Merge: 60bd5b52 3e5df191
Author: Mate Kukri <mate.kukri@canonical.com>
Date:   Mon Jan 26 17:21:12 2026 +0000

    Update upstream source from tag 'upstream/2.14'
    
    Update to upstream version '2.14'
    with Debian dir 45628b7da8b01c39163b4c7e5f1bec9a7c110c5f

commit 3e5df191b3919ced7065635eced00a8b84d906c2
Merge: 71350dbc d38d6a1a
Author: Mate Kukri <mate.kukri@canonical.com>
Date:   Mon Jan 26 17:14:25 2026 +0000

    New upstream version 2.14

commit d38d6a1a9b79427848976f53d474392cd29c2a71
Author: Daniel Kiper <daniel.kiper@oracle.com>
Date:   Wed Jan 14 16:46:57 2026 +0100

    Release 2.14
    
    Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com>

commit 35bfd6c47864e5fc0d51415e8874b2efd567b96d
Author: Daniel Kiper <daniel.kiper@oracle.com>
Date:   Tue Jan 13 18:38:38 2026 +0100

    build: Add grub-core/tests/crypto_cipher_mode_vectors.h file to EXTRA_DIST
    
    This file was not added to EXTRA_DIST during test creation.
    
    Fixes: 51ebc6f67 (tests: Add functional tests for ecb/cbc helpers)
    
    Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com>
    Reviewed-by: Alec Brown <alec.r.brown@oracle.com>
    Reviewed-by: Srish Srinivasan <ssrish@linux.ibm.com>
    Reviewed-by: Sudhakar Kuppusamy <sudhakar@linux.ibm.com>

commit ac042f3f58d33ce9cd5ff61750f06da1a1d7b0eb
Author: Radoslav Kolev <radoslav.kolev@suse.com>
Date:   Tue Jan 13 10:04:22 2026 +0200

    configure: Print a more helpful error if autoconf-archive is not installed
    
    ... because an undefined macro receives another macro as parameter and
    autoconf is not smart enough to produce a useful error message.
    
    Signed-off-by: Radoslav Kolev <radoslav.kolev@suse.com>
    Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>

commit e37d0215830b1221c7a0c62f4642716b142f8f5c
Author: Avnish Chouhan <avnish@linux.ibm.com>
Date:   Mon Jan 12 23:20:14 2026 +0530

    kern/ieee1275/openfw: Add a check for invalid partition number
    
    The grub_strtoul() may fail in several scenarios like invalid input,
    overflow, etc. Lack of proper check may lead to unexpected failures
    in the code further.
    
    Signed-off-by: Avnish Chouhan <avnish@linux.ibm.com>
    Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>

commit f94eae0f8de428fd25a4c923662cd36ed552b486
Author: Sudhakar Kuppusamy <sudhakar@linux.ibm.com>
Date:   Wed Dec 24 17:58:59 2025 +0530

    grub-mkimage: Do not generate empty SBAT metadata
    
    When creating core.elf with SBAT the grub-mkimage does not check if
    an SBAT metadata file contains at least an SBAT header or not. It leads to
    adding an empty SBAT ELF note for PowerPC and the .sbat section for EFI.
    Fix this by checking the SBAT metadata file size against the SBAT header
    size before adding SBAT contents to the ELF note or .sbat section.
    
    Signed-off-by: Sudhakar Kuppusamy <sudhakar@linux.ibm.com>
    Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>

commit 1aa0dd0c04a7e66d127915c54d7d7f1de5974d4f
Author: Yao Zi <me@ziyao.cc>
Date:   Wed Dec 31 09:05:53 2025 +0000

    configure: Defer check for -mcmodel=large until PIC/PIE checks are done
    
    On RISC-V, large code model is only compatible with position-dependent
    code. However, the configure script checks availability of -mcmodel=large
    before determining whether PIC/PIE is enabled and disabling them.
    
    This is problematic with toolchains that enable PIE by default, where
    the check for -mcmodel=large will always fail with
    
      cc1: sorry, unimplemented: code model 'large' with '-fPIC'
    
    and -mcmodel=medany will be silently used instead, causing relocation
    failures at runtime with some memory layouts since -mcmodel=medany
    requires all data and code to stay within a contiguous 4 GiB range.
    
    Let's defer the check for -mcmodel=large until PIC/PIE is ensured disabled.
    
    Fixes: f1957dc8a334 (RISC-V: Add to build system)
    
    Reported-by: Han Gao <gaohan@iscas.ac.cn>
    Signed-off-by: Yao Zi <me@ziyao.cc>
    Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>

commit ff1edd97526baa7a4aa247966612f46b6c28f14e
Author: Sudhakar Kuppusamy <sudhakar@linux.ibm.com>
Date:   Fri Jan 2 16:13:13 2026 +0530

    util/grub-mkimagexx: Stop generating unaligned appended signatures
    
    When creating the core image with an unaligned appended signature size,
    e.g. 479, for PowerPC, the grub-mkimage aligns the appended signature
    size to a multiple of 4 bytes, but it does not add a padding needed to
    align to multiple of 4 bytes appended signature size in the appended
    signature ELF note. Therefore, after signing and installing this core
    image, the firmware tries to read the magic string "~Module signature
    appended~" from the appended signature ELF note but gets the partial
    magic string like "Module signature appended~". It leads to the appended
    signature magic string match failure.
    
    Example:
      grub-mkimage -O powerpc-ieee1275 -o core.elf -p /grub -x \
        kernel.der --appended-signature-size 479 ...
    
      sign-file SHA256 ./grub.key ./grub.pem ./core.elf ./core.elf.signed
    
    Without padding: hexdump -C ./core.elf.signed
      ...
      00383550  00 00 00 13 00 00 01 e0  41 53 69 67 41 70 70 65  |........ASigAppe|
      00383560  6e 64 65 64 2d 53 69 67  6e 61 74 75 72 65 00 00  |nded-Signature..|
      ...
      003836f0  dd 47 cd ed 02 8e 15 af  5b 09 2e 44 6f da 67 88  |.G......[..Do.g.|
      00383700  4d 94 17 31 26 9d 47 95  d8 7c ad 36 00 d2 9c 53  |M..1&.G..|.6...S|
      00383710  20 e0 af 60 78 cd 22 e6  ed 45 1e b1 e7 7e cf b5  | ..`x."..E...~..|
      00383720  fc 58 ec df 1b ab 7a 00  00 02 00 00 00 00 00 00  |.X....z.........|
      00383730  00 01 b7 7e 4d 6f 64 75  6c 65 20 73 69 67 6e 61  |...~Module signa|
      00383740  74 75 72 65 20 61 70 70  65 6e 64 65 64 7e 0a     |ture appended~.|
    
    Fix this by adding a padding required to align appended signature size in the
    appended signature ELF note to multiple of 4 bytes.
    
    Example:
      grub-mkimage -O powerpc-ieee1275 -o core.elf -p /grub -x \
        kernel.der --appended-signature-size 479 ...
    
      sign-file SHA256 ./grub.key ./grub.pem ./core.elf ./core.elf.signed
    
    With padding: hexdump -C ./core.elf.signed
      ...
      00137460  62 00 00 00 00 00 00 13  00 00 01 ec 41 53 69 67  |b...........ASig|
      00137470  41 70 70 65 6e 64 65 64  2d 53 69 67 6e 61 74 75  |Appended-Signatu|
      ...
      00137610  b7 07 cd b6 c8 ca 9a 5b  7c 13 8c 75 1d 1c 54 81  |.......[|..u..T.|
      00137620  7f c4 9a 8b bd d7 73 8d  2f 7d d2 e6 d1 3c 52 a9  |......s./}...<R.|
      00137630  4e 0b e5 24 ba 0a 82 aa  8e c5 86 fa e1 19 50 ec  |N..$..........P.|
      00137640  9f a7 9a ed e5 ed 13 35  00 00 02 00 00 00 00 00  |.......5........|
      00137650  00 00 01 c2 7e 4d 6f 64  75 6c 65 20 73 69 67 6e  |....~Module sign|
      00137660  61 74 75 72 65 20 61 70  70 65 6e 64 65 64 7e 0a  |ature appended~.|
    
    Signed-off-by: Sudhakar Kuppusamy <sudhakar@linux.ibm.com>
    Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>

commit 51ebc6f677e7216c8f5a77dd204b2961f27a7c93
Author: Srish Srinivasan <ssrish@linux.ibm.com>
Date:   Fri Jan 2 15:57:31 2026 +0530

    tests: Add functional tests for ecb/cbc helpers
    
    Test the following helper functions using AES with 128, 192, and
    256 bit keys:
      - grub_crypto_ecb_encrypt(),
      - grub_crypto_ecb_decrypt(),
      - grub_crypto_cbc_encrypt(),
      - grub_crypto_cbc_decrypt().
    
    Signed-off-by: Srish Srinivasan <ssrish@linux.ibm.com>
    Reviewed-by: Sudhakar Kuppusamy <sudhakar@linux.ibm.com>
    Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
    Reviewed-by: Glenn Washburn <development@efficientek.com>

commit caaf50b9affbd4c9e7313a4fdc03c4fa439a6a1f
Author: Srish Srinivasan <ssrish@linux.ibm.com>
Date:   Mon Dec 8 15:51:29 2025 +0530

    osdep/aros/hostdisk: Fix use-after-free bug during MsgPort deletion
    
    ... in function grub_util_fd_open() when creation of an I/O request or
    opening a device fails. The "ret", the file descriptor, will be freed
    before its associated MsgPort is deleted resulting in a use-after-free
    condition.
    
    Fix this issue by freeing "ret" after its associated MsgPort has been
    deleted.
    
    Signed-off-by: Srish Srinivasan <ssrish@linux.ibm.com>
    Reviewed-by: Avnish Chouhan <avnish@linux.ibm.com>
    Reviewed-by: Sudhakar Kuppusamy <sudhakar@linux.ibm.com>
    Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>

commit 18f08826f98a58f214b622fbd299bf56389cc94d
Author: Ingo Breßler <dev@ingobressler.net>
Date:   Mon Dec 22 11:11:05 2025 +0100

    kern/efi/sb: Enable loading GRUB_FILE_TYPE_CRYPTODISK_ENCRYPTION_KEY and GRUB_FILE_TYPE_CRYPTODISK_DETACHED_HEADER
    
    ... file types when UEFI Secure Boot is enabled. Otherwise it is not
    possible to load cryptodisk encryption key or detached header.
    
    Fixes: https://savannah.gnu.org/bugs/?65889
    
    Signed-off-by: Ingo Breßler <dev@ingobressler.net>
    Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com>
    Reviewed-by: Alec Brown <alec.r.brown@oracle.com>

commit 25b7f6b9344a4bac18c26ce143a156ac2bcb3ec4
Author: Radoslav Kolev <radoslav.kolev@suse.com>
Date:   Fri Dec 19 16:25:03 2025 +0200

    blsuki: Error out if unexpected arguments are supplied
    
    This can be especially helpful, as the Fedora version of the blscfg
    actually made use of positional arguments, but current implementation
    switched to parameters. For example what used to be "blscfg (hd0,gpt2)/..."
    now should be "blscfg --path (hd0,gpt2)/...)". In case of old configs/scripts
    still supplying positional arguments we will now error out instead of just
    ignoring them and falling back to defaults silently.
    
    Signed-off-by: Radoslav Kolev <radoslav.kolev@suse.com>
    Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>

commit cfeff5e0718329ad666502c15644fef79625168c
Author: Radoslav Kolev <radoslav.kolev@suse.com>
Date:   Fri Dec 19 16:25:02 2025 +0200

    blsuki: Fix default location in comment to /loader/entries
    
    Signed-off-by: Radoslav Kolev <radoslav.kolev@suse.com>
    Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>

commit d19a74a17fd92361921a1e8903321d4eac56bcb4
Author: Radoslav Kolev <radoslav.kolev@suse.com>
Date:   Fri Dec 19 16:25:01 2025 +0200

    blsuki: Use specified device in case of fallback
    
    Currently if the fallback option is enabled and no files are found in
    the specified directory it searches the default (loader/conf) directory
    but always in the device set by the root environment variable. It makes
    more sense and also the comment in the code implies, that the default
    directory on the current device should be searched.
    
    Signed-off-by: Radoslav Kolev <radoslav.kolev@suse.com>
    Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>

commit 242816e93fdfd9d5b767118c2de6c8adf64f3818
Author: Radoslav Kolev <radoslav.kolev@suse.com>
Date:   Fri Dec 19 16:25:00 2025 +0200

    blsuki: Fix position of DIR parameter in blscfg command summary
    
    The DIR parameter in the example should be specified after the -p|--path option
    instead of after -f|fallback.
    
    Signed-off-by: Radoslav Kolev <radoslav.kolev@suse.com>
    Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>

commit b733d9d6dcf04c6aba88a4690a916c2cbb4ec5ac
Author: Radoslav Kolev <radoslav.kolev@suse.com>
Date:   Fri Dec 19 16:24:59 2025 +0200

    blsuki: Fix typo in entry parameter description
    
    Change "specificUKII entries" to "specific UKI entries".
    
    Signed-off-by: Radoslav Kolev <radoslav.kolev@suse.com>
    Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>

commit 0f0899c32985d3ab194f01c367f094cb38bcd55c
Author: Khalid Ali <khaliidcaliy@gmail.com>
Date:   Mon Dec 15 16:59:46 2025 +0000

    efi: Fix several memory leaks of UEFI handles
    
    Fix possible and absolute memory leaks of "handles"
    returned by grub_efi_locate_handle() using grub_malloc().
    
    Signed-off-by: Khalid Ali <khaliidcaliy@gmail.com>
    Reviewed-by: Sudhakar Kuppusamy <sudhakar@linux.ibm.com>
    Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>

commit c477a9551903c76466b9208ccf09dc6b9923dc7d
Author: Andreas K. Hüttel <dilfridge@gentoo.org>
Date:   Sat Dec 13 20:59:58 2025 +0100

    util/grub-install: Allow recursive copying of theme dirs
    
    grub-install allows to pass a parameter to install a theme in the boot partition.
    This works fine for the default starfield theme. However, in general themes can
    contain subdirectories, as, e.g. "icons", and these are not copied by grub-install.
    As a result, the icons are missing on the screen.
    
    Fix this by simple recursive copying.
    
    Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org>
    Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>

commit f551d3de2448ead507a6af6d17afeb34103c2c99
Author: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Date:   Sat Dec 13 04:33:52 2025 +0100

    commands/efi/lsefisystab: Recognize EFI_MEMORY_ATTRIBUTES_TABLE_GUID and EFI_TCG2_FINAL_EVENTS_TABLE_GUID
    
    Let the lsefisystab command recognize the following table GUIDs:
      - EFI_MEMORY_ATTRIBUTES_TABLE_GUID,
      - EFI_TCG2_FINAL_EVENTS_TABLE_GUID.
    
    Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
    Reviewed-by: Vladimir Serbinenko <phcoder@gmail.com>
    Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>

commit ee283b14aea03aff13b95f976f58304124f504d6
Author: Glenn Washburn <development@efficientek.com>
Date:   Fri Dec 12 00:23:49 2025 -0600

    tests/util/grub-fs-tester: Use CSMACINTOSH encoding instead of macroman
    
    From Debian 12 to 13, recode had a major overhaul and now does not support
    the macroman encoding. It's unclear if this is a bug or intentional.
    Regardless, use the CSMACINTOSH encoding instead as MacRoman and it are
    aliases and CSMACINTOSH is supported on both Debian 12 and 13.
    
    Signed-off-by: Glenn Washburn <development@efficientek.com>
    Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>

commit 9b2c8ae5d22463974916fa476f419a5809bc3f6b
Author: Luca Boccassi <luca.boccassi@gmail.com>
Date:   Wed Dec 10 23:47:53 2025 +0000

    commands/bli: Set UINT32_MAX in LoaderTpm2ActivePcrBanks if TPM2 present but no banks protocol
    
    The implementation in sd-boot was changed to return UINT32_MAX when
    the EFI environment detects a working TPM2, but with an older firmware
    that doesn't implement the protocol to get the list of active banks.
    This allows distinguishing with the case where there is no working TPM2,
    in which case userspace just gives up, and instead lets userspace try to
    figure it out later.
    
    Fixes: f326c5c47 (commands/bli: Set LoaderTpm2ActivePcrBanks runtime variable)
    
    Signed-off-by: Luca Boccassi <luca.boccassi@gmail.com>
    Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>

commit c0669af6a86b57283087cdea2244332eb892f21c
Author: Sridhar Markonda <sridharm@linux.ibm.com>
Date:   Tue Dec 2 12:38:45 2025 +0530

    script/execute: Add a NULL check after grub_calloc() call
    
    ... in gettext_append() to handle allocation errors. This prevents NULL
    pointer dereference and stops crashes during string translation.
    
    Signed-off-by: Sridhar Markonda <sridharm@linux.ibm.com>
    Signed-off-by: Sudhakar Kuppusamy <sudhakar@linux.ibm.com>
    Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>

commit 02cae1a3579496ea3fce774d72a4e0f72b721ef1
Author: Avnish Chouhan <avnish@linux.ibm.com>
Date:   Mon Dec 1 15:11:23 2025 +0530

    disk/ieee1275/ofdisk: Fix memory leaks
    
    In case of an overflow "p" and "p->grub_devpath" will not be freed.
    Fix both issues.
    
    Signed-off-by: Avnish Chouhan <avnish@linux.ibm.com>
    Reviewed-by: Alec Brown <alec.r.brown@oracle.com>
    Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
    Reviewed-by: Sudhakar Kuppusamy <sudhakar@linux.ibm.com>

commit 09c512b8fabdbc19d5698925c796c43def240bc0
Author: Avnish Chouhan <avnish@linux.ibm.com>
Date:   Thu Nov 27 14:32:12 2025 +0530

    efiemu/loadcore: Add grub_calloc() failure check
    
    Add a failure check after grub_calloc() call. If grub_calloc()
    fails, e.g., due to memory allocation failure, it returns NULL.
    Then using grub_efiemu_elfsyms, which will be NULL, later will
    result in a NULL pointer dereference.
    
    Signed-off-by: Avnish Chouhan <avnish@linux.ibm.com>
    Reviewed-by: Sudhakar Kuppusamy <sudhakar@linux.ibm.com>
    Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>

commit 641646376b81593be9490864d56b25cd9922f630
Author: George Hu <integral@archlinux.org>
Date:   Wed Nov 26 16:45:46 2025 +0800

    lib/x86_64/setjmp: Use 32-bit zero idiom for shorter encoding
    
    Switch from "xorq %rax, %rax" to "xorl %eax, %eax". In 64-bit mode
    zeroing EAX implicitly clears RAX and the 32-bit form's encoding is one
    byte smaller while keeping identical semantics.
    
    Signed-off-by: George Hu <integral@archlinux.org>
    Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>

commit d07ebd11d6cf0219f4cbdf0f268f1b082abefdda
Author: Glenn Washburn <development@efficientek.com>
Date:   Thu Nov 20 23:29:41 2025 -0600

    tests: Fix nonnative tests labeled as native
    
    The tests asn1_test and tpm2_key_protector_test should be labelled as
    nonnative tests because they run tests on the target. A clue that
    indicates a nonnative test is the usage of the grub-shell script.
    
    Signed-off-by: Glenn Washburn <development@efficientek.com>
    Reviewed-by: Sudhakar Kuppusamy <sudhakar@linux.ibm.com>
    Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>

commit a90ccbac677db62fc0c1940cda4388370ac8a04b
Author: Glenn Washburn <development@efficientek.com>
Date:   Fri Dec 12 00:21:59 2025 -0600

    INSTALL: Add note that the GNU Autoconf Archive may be needed
    
    As of 1a5417f39a0c (configure: Check linker for --image-base support),
    the GNU Autoconf Archive is now required to bootstrap GRUB.
    
    Signed-off-by: Glenn Washburn <development@efficientek.com>
    Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>

commit 29f3131a3632c70129a29d924fcb8ac98f08ee2b
Author: Glenn Washburn <development@efficientek.com>
Date:   Thu Nov 20 12:56:48 2025 -0600

    INSTALL: Fix a grammatical error
    
    Also, add more documentation mentioning that the tests require
    a "specially crafted environment" to run. Just running as root
    is not enough.
    
    Signed-off-by: Glenn Washburn <development@efficientek.com>
    Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>

commit 0a31df119d9f75fa357960a0f247b2795ba71656
Author: Glenn Washburn <development@efficientek.com>
Date:   Thu Nov 20 12:56:47 2025 -0600

    bootstrap: Condense and simplify LINGUAS generation
    
    Remove unnecessary subshells. Loop over autogenerated po files only once.
    Use existing LINGUAS created by bootstrap instead of finding po files
    again.
    
    Add wget as a soft requirement now that we are using bootstrap's code
    for updating translation files. This should only be needed if updated
    translations are desired, which is the default. There should be older
    translation files already, and wget is not necessary if those will
    suffice.
    
    Signed-off-by: Glenn Washburn <development@efficientek.com>
    Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>

commit 0dfec2945ae4847de4e7e0d607cde6c144ac9ee1
Author: Glenn Washburn <development@efficientek.com>
Date:   Thu Nov 20 12:56:46 2025 -0600

    bootstrap: Migrate linguas.sh into bootstrap.conf
    
    Bootstrap has infrastructure for downloading/updating project po files
    and generating the LINGUAS file. It uses wget instead of rsync, but
    provides the same functionality, namely that only po files that have
    a modification date before the corresponding one on the server will get
    redownloaded. Bootstrap creates a pristine copy of the po files in
    po/.reference, so update .gitignore to ignore that directory.
    
    Bootstrap also creates the po/LINGUAS file, but it does not know to add
    in GRUB's autogenerated po files. So move that code from linguas.sh into
    the bootstrap epilogue.
    
    Signed-off-by: Glenn Washburn <development@efficientek.com>
    Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>

commit 8a6ea7ab7bed6ed39316897933b8bcf1936ab206
Author: Glenn Washburn <development@efficientek.com>
Date:   Thu Nov 20 12:56:45 2025 -0600

    bootstrap: Run linguas.sh in bootstrap epilogue
    
    Heretofore, linguas.sh had to be run by the user and a common mistake
    made when building GRUB was to not run the command. By adding it to
    the bootstrap epilogue it will by default get run at the end of the
    bootstrap script. The user no longer needs to remember to run it.
    If the --skip-po option is passed to bootstrap, do not run linguas.sh.
    This allows for bootstrap to be run without updating the translations,
    which might be desired in the future if we track po files so that
    translations can be used as they were at time of release.
    
    Update INSTALL file to reflect that it is no longer necessary to run
    linguas.sh. Also, fix a list numbering error.
    
    Fixes: 9f73ebd49be (* INSTALL: Document linguas.sh.)
    
    Signed-off-by: Glenn Washburn <development@efficientek.com>
    Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>

commit cb811bdf053d5e976e50673bd4685a64f63f844c
Author: Avnish Chouhan <avnish@linux.ibm.com>
Date:   Thu Nov 20 13:41:41 2025 +0530

    normal/cmdline: Add grub_calloc() failure check and fix hist_lines state loss
    
    If grub_calloc() fails hist_lines becomes NULL. It means we lose the
    reference to the previously allocated hist_lines and leak memory. With
    this change on failure hist_lines still points to the old memory. So,
    no leak, no state corruption.
    
    Signed-off-by: Avnish Chouhan <avnish@linux.ibm.com>
    Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>

commit 8a850f47d070a19bac355807f16461bf52807510
Author: Michael Chang <mchang@suse.com>
Date:   Thu Nov 20 14:25:50 2025 +0800

    blsuki: Fix grub_errno leakage in blsuki_is_default_entry()
    
    The grub_strtol() call in blsuki_is_default_entry() can set grub_errno
    to either GRUB_ERR_BAD_NUMBER or GRUB_ERR_OUT_OF_RANGE if the input
    string is invalid or out of range.
    
    This grub_errno value is currently left uncleared, which can lead to
    unexpected behavior in subsequent functions that rely on checking
    current state of grub_errno.
    
    Clear grub_errno unconditionally when grub_strtol() reports error so
    that we can plug the leak.
    
    Signed-off-by: Michael Chang <mchang@suse.com>
    Reviewed-by: Sudhakar Kuppusamy <sudhakar@linux.ibm.com>
    Reviewed-by: Avnish Chouhan <avnish@linux.ibm.com>
    Reviewed-by: Alec Brown <alec.r.brown@oracle.com>
    Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>

commit a8b2beedf684f0200e252efe9ba5fad2665b2a36
Author: Glenn Washburn <development@efficientek.com>
Date:   Wed Nov 19 13:11:35 2025 -0600

    Revert "tests: Remove -w param from mkfs.hfsplus command"
    
    The original commit removes testing of GRUB's support for HFS+
    wrapping and replaces it with testing that is an exact duplicate of
    another test, namely HFS+ without wrapping. To start, the change is
    misleading in that it suggests that the testing of HFS+ wrapping is
    still taking place, when it is not. If it was desired to remove support
    for testing the HFS+ wrapping, then the test should have been removed
    entirely. Second, having a series of tests that are exactly the same is
    just a waste of testing resources. And third, the justification for the
    change is nonsensical. Just because a required program may not have
    a required feature on a particular distro is not a reason that a test
    should be removed. Reducing test coverage because some distros do not
    have the tools GRUB needs to run certain tests goes against the testing
    priority to have test coverage be as broad as possible. The fact is
    that Debian, the officially supported distro for running the tests, does
    have a mkfs.hfsplus that supports the -w parameter.
    
    This reverts commit 2bc0929a2 (tests: Remove -w param from mkfs.hfsplus command).
    
    Signed-off-by: Glenn Washburn <development@efficientek.com>
    Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>

commit 14376470520d3106e32f5c0db4d15a86e7eaf33a
Author: Glenn Washburn <development@efficientek.com>
Date:   Wed Nov 19 13:11:34 2025 -0600

    Revert "tests: Skip tests if required tools are not available"
    
    As explained in commit a21618c8a (tests: Test aborts due to missing
    requirements should be marked as error instead of skipped) and in the
    Automake manual[1], skipped tests are tests that should not be run, e.g.
    running the ohci test on the powerpc-ieee1275 as there are no native ohci
    drivers for that platform. Tests that fail for reasons other than there is
    a bug in GRUB code that is causing the test to fail are hard errors.
    Commonly this is because the test is run in an improperly configured
    environment, like required programs are missing. If a hard error condition
    is identified with a SKIP return code, the person running the tests can not
    know without investigating every skip if a SKIP in the tests was because
    the test does not apply to the target being tested or because the user had
    a misconfigured environment that was causing the test not to run. By
    ensuring that a test is skipped only when it should not run, the person
    running the test can be sure that there is no need to investigate why the
    test was skipped.
    
    This reverts commit bf13fed5f (tests: Skip tests if required tools are not available).
    
    [1] https://www.gnu.org/software/automake/manual/automake.html#Generalities-about-Testing
    
    Signed-off-by: Glenn Washburn <development@efficientek.com>
    Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>

commit 07c250487fea48fb934efab2bdfe32e9339cfabf
Author: Sudhakar Kuppusamy <sudhakar@linux.ibm.com>
Date:   Wed Nov 19 15:30:47 2025 +0530

    osdep/linux/ofpath: Add missing strdup() failure checks
    
    Segmentation faults or undefined behaviour may result from a NULL pointer
    dereference in strip_trailing_digits() and grub_util_devname_to_ofpath()
    if strdup() fails. Therefore, I added a NULL check to fix this.
    
    Signed-off-by: Sudhakar Kuppusamy <sudhakar@linux.ibm.com>
    Reviewed-by: Srish Srinivasan <ssrish@linux.ibm.com>
    Reviewed-by: Avnish Chouhan <avnish@linux.ibm.com>
    Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>

commit ae69b464bedfdf4da9147124dce28cbebf3bb3d9
Author: Vladimir Serbinenko <phcoder@gmail.com>
Date:   Wed Nov 19 06:37:32 2025 +0000

    lib/relocator: Fix dereference after NULL check
    
    In the function free_subchunk(), after checking that subchu->post isn't NULL,
    grub_memset() is called on subchu->pre->freebytes but it should be called on
    subchu->post->freebytes. If subchu->pre is NULL but subchu->post isn't NULL,
    then this could lead to a NULL pointer dereference.
    
    Fixes: CID 473882
    
    Signed-off-by: Vladimir Serbinenko <phcoder@gmail.com>
    Signed-off-by: Alec Brown <alec.r.brown@oracle.com>
    Reviewed-by: Sudhakar Kuppusamy <sudhakar@linux.ibm.com>
    Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>

commit 1a5417f39a0ccefcdd5440f2a67f84d2d2e26960
Author: Nicholas Vinson <nvinson234@gmail.com>
Date:   Tue Nov 18 19:38:07 2025 -0500

    configure: Check linker for --image-base support
    
    In several scenarios, configure tests assume it's safe to use
    "-Wl,-Ttext,<address>", but starting with ld.lld-21, blindly using that
    flag may result in configure-test failures due to ld.lld failing to
    link. The failure is because ld.lld-21 no longer allows the specified
    address to be less than the base address.
    
    However, ld.lld-21+ and ld.bfd-2.44+ both provide support for the
    --image-base flag making it preferable over the older -Ttext flag.
    
    Fixes: https://savannah.gnu.org/bugs/?67662
    
    Signed-off-by: Nicholas Vinson <nvinson234@gmail.com>
    Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>

commit f41c896d2345bee41e4db9208e1dbb7f8d621c02
Author: Glenn Washburn <development@efficientek.com>
Date:   Mon Nov 17 18:01:44 2025 -0600

    INSTALL: Make note that Linux kernel 6.12.x or earlier is needed for reiserfs testing
    
    Also, remove wording suggesting that tests may be skipped if prerequisites
    are not installed. Tests should never be skipped because of an environment
    misconfiguration, instead they should return a hard error (code 99).
    
    Signed-off-by: Glenn Washburn <development@efficientek.com>
    Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>

commit 591e02bc6e3bc6e3cc536794c44fa289f0aa0ebf
Author: Glenn Washburn <development@efficientek.com>
Date:   Mon Nov 17 18:01:43 2025 -0600

    docs: Reorganize test section and add section on writing tests
    
    Rename the main section to Tests and put the existing test section into
    a subsection. A new subsection called "Writing tests" is added to give
    a brief overview and make clear the difference in returning a SKIP code
    versus a HARD ERROR code.
    
    Signed-off-by: Glenn Washburn <development@efficientek.com>
    Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>

commit db16859e8e859171763bc71bb1f1a4e6e67af169
Author: Glenn Washburn <development@efficientek.com>
Date:   Mon Nov 17 18:01:42 2025 -0600

    docs: Add note and explanation that the privileged user is required for properly running the tests
    
    Signed-off-by: Glenn Washburn <development@efficientek.com>
    Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Created: 2026-01-26 Last update: 2026-01-27 18:31
10 open merge requests in Salsa normal
There are 10 open merge requests for this package on Salsa. You should consider reviewing and/or merging these merge requests.
Created: 2025-08-19 Last update: 2026-01-26 18:31
8 low-priority security issues in trixie low

There are 8 open security issues in trixie.

8 issues left for the package maintainer to handle:
  • CVE-2025-4382: (needs triaging) A flaw was found in systems utilizing LUKS-encrypted disks with GRUB configured for TPM-based auto-decryption. When GRUB is set to automatically decrypt disks using keys stored in the TPM, it reads the decryption key into system memory. If an attacker with physical access can corrupt the underlying filesystem superblock, GRUB will fail to locate a valid filesystem and enter rescue mode. At this point, the disk is already decrypted, and the decryption key remains loaded in system memory. This scenario may allow an attacker with physical access to access the unencrypted data without any further authentication, thereby compromising data confidentiality. Furthermore, the ability to force this state through filesystem corruption also presents a data integrity concern.
  • CVE-2024-56738: (postponed; to be fixed through a stable update) GNU GRUB (aka GRUB2) through 2.12 does not use a constant-time algorithm for grub_crypto_memcmp and thus allows side-channel attacks.
  • CVE-2025-54770: (needs triaging) A vulnerability has been identified in the GRUB2 bootloader's network module that poses an immediate Denial of Service (DoS) risk. This flaw is a Use-after-Free issue, caused because the net_set_vlan command is not properly unregistered when the network module is unloaded from memory. An attacker who can execute this command can force the system to access memory locations that are no longer valid. Successful exploitation leads directly to system instability, which can result in a complete crash and halt system availability.
  • CVE-2025-54771: (needs triaging) A use-after-free vulnerability has been identified in the GNU GRUB (Grand Unified Bootloader). The flaw occurs because the file-closing process incorrectly retains a memory pointer, leaving an invalid reference to a file system structure. An attacker could exploit this vulnerability to cause grub to crash, leading to a Denial of Service. Possible data integrity or confidentiality compromise is not discarded.
  • CVE-2025-61661: (needs triaging) A vulnerability has been identified in the GRUB (Grand Unified Bootloader) component. This flaw occurs because the bootloader mishandles string conversion when reading information from a USB device, allowing an attacker to exploit inconsistent length values. A local attacker can connect a maliciously configured USB device during the boot sequence to trigger this issue. A successful exploitation may lead GRUB to crash, leading to a Denial of Service. Data corruption may be also possible, although given the complexity of the exploit the impact is most likely limited.
  • CVE-2025-61662: (needs triaging) A Use-After-Free vulnerability has been discovered in GRUB's gettext module. This flaw stems from a programming error where the gettext command remains registered in memory after its module is unloaded. An attacker can exploit this condition by invoking the orphaned command, causing the application to access a memory location that is no longer valid. An attacker could exploit this vulnerability to cause grub to crash, leading to a Denial of Service. Possible data integrity or confidentiality compromise is not discarded.
  • CVE-2025-61663: (needs triaging) A vulnerability has been identified in the GRUB2 bootloader's normal command that poses an immediate Denial of Service (DoS) risk. This flaw is a Use-after-Free issue, caused because the normal command is not properly unregistered when the module is unloaded. An attacker who can execute this command can force the system to access memory locations that are no longer valid. Successful exploitation leads directly to system instability, which can result in a complete crash and halt system availability. Impact on the data integrity and confidentiality is also not discarded.
  • CVE-2025-61664: (needs triaging) A vulnerability in the GRUB2 bootloader has been identified in the normal module. This flaw, a memory Use After Free issue, occurs because the normal_exit command is not properly unregistered when its related module is unloaded. An attacker can exploit this condition by invoking the command after the module has been removed, causing the system to improperly access a previously freed memory location. This leads to a system crash or possible impacts in data confidentiality and integrity.

You can find information about how to handle these issues in the security team's documentation.

Created: 2025-05-10 Last update: 2025-12-04 12:03
30 low-priority security issues in bookworm

There are 30 open security issues in bookworm.

30 issues left for the package maintainer to handle:
  • CVE-2025-0622: (needs triaging) A flaw was found in command/gpg. In some scenarios, hooks created by loaded modules are not removed when the related module is unloaded. This flaw allows an attacker to force grub2 to call the hooks after the module that registered them has been unloaded, leading to a use-after-free vulnerability. If correctly exploited, this vulnerability may result in arbitrary code execution, eventually allowing the attacker to bypass secure boot protections.
  • CVE-2025-0624: (needs triaging) A flaw was found in grub2. During the network boot process, when trying to search for the configuration file, grub copies data from a user-controlled environment variable into an internal buffer using the grub_strcpy() function. During this step, it fails to consider the environment variable's length when allocating the internal buffer, resulting in an out-of-bounds write. If correctly exploited, this issue may result in remote code execution from the same network segment on which grub is searching for the boot information, which can be used to bypass secure boot protections.
  • CVE-2025-0677: (needs triaging) A flaw was found in grub2. When performing a symlink lookup, grub's UFS module checks the inode's data size to allocate the internal buffer to read the file content; however, it fails to check whether the symlink data size has overflowed. When this occurs, grub_malloc() may be called with a smaller value than needed. When subsequently reading the data from the disk into the buffer, the grub_ufs_lookup_symlink() function will write past the end of the allocated size. An attacker can leverage this by crafting a malicious filesystem; as a result, it will corrupt data stored in the heap, allowing for arbitrary code execution that bypasses secure boot mechanisms.
  • CVE-2025-0678: (needs triaging) A flaw was found in grub2. When reading data from a squash4 filesystem, grub's squash4 fs module uses user-controlled parameters from the filesystem geometry to determine the internal buffer size; however, it improperly checks for integer overflows. A maliciously crafted filesystem may lead some of those buffer size calculations to overflow, causing it to perform a grub_malloc() operation with a smaller size than expected. As a result, direct_read() will perform a heap-based out-of-bounds write during data reading. This flaw may be leveraged to corrupt grub's internal critical data and may result in arbitrary code execution, bypassing secure boot protections.
  • CVE-2025-0684: (needs triaging) A flaw was found in grub2. When performing a symlink lookup from a reiserfs filesystem, grub's reiserfs fs module uses user-controlled parameters from the filesystem geometry to determine the internal buffer size; however, it improperly checks for integer overflows. A maliciously crafted filesystem may lead some of those buffer size calculations to overflow, causing it to perform a grub_malloc() operation with a smaller size than expected. As a result, grub_reiserfs_read_symlink() will call grub_reiserfs_read_real() with an overflowed length parameter, leading to a heap-based out-of-bounds write during data reading. This flaw may be leveraged to corrupt grub's internal critical data and can result in arbitrary code execution, bypassing secure boot protections.
  • CVE-2025-0685: (needs triaging) A flaw was found in grub2. When reading data from a jfs filesystem, grub's jfs filesystem module uses user-controlled parameters from the filesystem geometry to determine the internal buffer size; however, it improperly checks for integer overflows. A maliciously crafted filesystem may lead some of those buffer size calculations to overflow, causing it to perform a grub_malloc() operation with a smaller size than expected. As a result, the grub_jfs_lookup_symlink() function will write past the internal buffer length during grub_jfs_read_file(). This issue can be leveraged to corrupt grub's internal critical data and may result in arbitrary code execution, bypassing secure boot protections.
  • CVE-2025-0686: (needs triaging) A flaw was found in grub2. When performing a symlink lookup from a romfs filesystem, grub's romfs filesystem module uses user-controlled parameters from the filesystem geometry to determine the internal buffer size; however, it improperly checks for integer overflows. A maliciously crafted filesystem may lead some of those buffer size calculations to overflow, causing it to perform a grub_malloc() operation with a smaller size than expected. As a result, grub_romfs_read_symlink() may cause out-of-bounds writes when calling grub_disk_read(). This issue may be leveraged to corrupt grub's internal critical data and can result in arbitrary code execution, bypassing secure boot protections.
  • CVE-2025-0689: (needs triaging) When reading data from disk, grub's UDF filesystem module uses the user-controlled data length metadata to allocate its internal buffers. In certain scenarios, while iterating through disk sectors, it assumes the read size from the disk is always smaller than the allocated buffer size, which is not guaranteed. A crafted filesystem image may lead to a heap-based buffer overflow that corrupts critical data, resulting in the risk of arbitrary code execution bypassing secure boot protections.
  • CVE-2025-0690: (needs triaging) The read command is used to read keyboard input from the user. While reading, it keeps the input length in a 32-bit integer value, which is then used to reallocate the line buffer to accept the next character. With a line long enough, it is possible to make this variable overflow, leading to an out-of-bounds write in the heap-based buffer. This flaw may be leveraged to corrupt grub's internal critical data, and a secure boot bypass cannot be ruled out as a consequence.
  • CVE-2025-1118: (needs triaging) A flaw was found in grub2. Grub's dump command is not blocked when grub is in lockdown mode, which allows the user to read arbitrary memory, and an attacker may leverage this to extract signatures, salts, and other sensitive information from memory.
  • CVE-2025-1125: (needs triaging) When reading data from an hfs filesystem, grub's hfs filesystem module uses user-controlled parameters from the filesystem metadata to calculate the internal buffer sizes; however, it fails to properly check for integer overflows. A maliciously crafted filesystem may lead some of those buffer size calculations to overflow, causing it to perform a grub_malloc() operation with a smaller size than expected. As a result, the hfsplus_open_compressed_real() function will write past the end of the internal buffer. This flaw may be leveraged to corrupt grub's internal critical data and may result in arbitrary code execution, bypassing secure boot protections.
  • CVE-2025-4382: (needs triaging) A flaw was found in systems utilizing LUKS-encrypted disks with GRUB configured for TPM-based auto-decryption. When GRUB is set to automatically decrypt disks using keys stored in the TPM, it reads the decryption key into system memory. If an attacker with physical access can corrupt the underlying filesystem superblock, GRUB will fail to locate a valid filesystem and enter rescue mode. At this point, the disk is already decrypted, and the decryption key remains loaded in system memory. This scenario may allow an attacker with physical access to access the unencrypted data without any further authentication, thereby compromising data confidentiality. Furthermore, the ability to force this state through filesystem corruption also presents a data integrity concern.
  • CVE-2024-45774: (needs triaging) A flaw was found in grub2. A specially crafted JPEG file can cause the JPEG parser of grub2 to incorrectly check the bounds of its internal buffers, resulting in an out-of-bounds write. The possibility of overwriting sensitive information to bypass secure boot protections cannot be ruled out.
  • CVE-2024-45775: (needs triaging) A flaw was found in grub2 where the grub_extcmd_dispatcher() function calls grub_arg_list_alloc() to allocate memory for grub's argument list. However, it fails to check whether the memory allocation failed. If the allocation fails, a NULL pointer will be processed by the parse_option() function, leading grub to crash or, in some rare scenarios, corrupt the IVT data.
  • CVE-2024-45776: (needs triaging) When reading the language .mo file in grub_mofile_open(), grub2 fails to check for an integer overflow when allocating its internal buffer. A crafted .mo file may cause the buffer size calculation to overflow, leading to out-of-bounds reads and writes. This flaw allows an attacker to leak sensitive data or overwrite critical data, possibly circumventing secure boot protections.
  • CVE-2024-45777: (needs triaging) A flaw was found in grub2. The calculation of the translation buffer when reading a language .mo file in grub_gettext_getstr_from_position() may overflow, leading to an out-of-bounds write. This issue can be leveraged by an attacker to overwrite grub2's sensitive heap data, eventually leading to the circumvention of secure boot protections.
  • CVE-2024-45778: (needs triaging) A stack overflow flaw was found when reading a BFS file system. A crafted BFS filesystem may lead to an uncontrolled loop, causing grub2 to crash.
  • CVE-2024-45779: (needs triaging) An integer overflow flaw was found in the BFS file system driver in grub2. When reading a file with an indirect extent map, grub2 fails to validate the number of extent entries to be read. A crafted or corrupted BFS filesystem may cause an integer overflow during the file reading, leading to a heap out-of-bounds read. As a consequence, sensitive data may be leaked, or grub2 will crash.
  • CVE-2024-45780: (needs triaging) A flaw was found in grub2. When reading tar files, grub2 allocates an internal buffer for the file name. However, it fails to properly verify the allocation against possible integer overflows. It's possible to cause the allocation length to overflow with a crafted tar file, leading to a heap out-of-bounds write. This flaw eventually allows an attacker to circumvent secure boot protections.
  • CVE-2024-45781: (needs triaging) A flaw was found in grub2. When reading a symbolic link's name from a UFS filesystem, grub2 fails to validate the string length taken as an input. The lack of validation may lead to a heap out-of-bounds write, causing data integrity issues and eventually allowing an attacker to circumvent secure boot protections.
  • CVE-2024-45782: (needs triaging) A flaw was found in the HFS filesystem. When reading an HFS volume's name at grub_fs_mount(), the HFS filesystem driver performs a strcpy() using the user-provided volume name as input without properly validating the volume name's length. This issue may lead to a heap-based out-of-bounds write, impacting grub's sensitive data integrity and eventually leading to a secure boot protection bypass.
  • CVE-2024-45783: (needs triaging) A flaw was found in grub2. When mounting an HFS+ filesystem fails, grub's hfsplus filesystem driver doesn't properly set an ERRNO value. This issue may lead to a NULL pointer access.
  • CVE-2024-56737: (needs triaging) GNU GRUB (aka GRUB2) through 2.12 has a heap-based buffer overflow in fs/hfs.c via crafted sblock data in an HFS filesystem.
  • CVE-2024-56738: (postponed; to be fixed through a stable update) GNU GRUB (aka GRUB2) through 2.12 does not use a constant-time algorithm for grub_crypto_memcmp and thus allows side-channel attacks.
  • CVE-2025-54770: (needs triaging) A vulnerability has been identified in the GRUB2 bootloader's network module that poses an immediate Denial of Service (DoS) risk. This flaw is a Use-after-Free issue, caused because the net_set_vlan command is not properly unregistered when the network module is unloaded from memory. An attacker who can execute this command can force the system to access memory locations that are no longer valid. Successful exploitation leads directly to system instability, which can result in a complete crash and halt system availability.
  • CVE-2025-54771: (needs triaging) A use-after-free vulnerability has been identified in the GNU GRUB (Grand Unified Bootloader). The flaw occurs because the file-closing process incorrectly retains a memory pointer, leaving an invalid reference to a file system structure. An attacker could exploit this vulnerability to cause grub to crash, leading to a Denial of Service. A compromise of data integrity or confidentiality cannot be ruled out.
  • CVE-2025-61661: (needs triaging) A vulnerability has been identified in the GRUB (Grand Unified Bootloader) component. This flaw occurs because the bootloader mishandles string conversion when reading information from a USB device, allowing an attacker to exploit inconsistent length values. A local attacker can connect a maliciously configured USB device during the boot sequence to trigger this issue. A successful exploitation may lead GRUB to crash, leading to a Denial of Service. Data corruption may also be possible, although given the complexity of the exploit the impact is most likely limited.
  • CVE-2025-61662: (needs triaging) A Use-After-Free vulnerability has been discovered in GRUB's gettext module. This flaw stems from a programming error where the gettext command remains registered in memory after its module is unloaded. An attacker can exploit this condition by invoking the orphaned command, causing the application to access a memory location that is no longer valid. An attacker could exploit this vulnerability to cause grub to crash, leading to a Denial of Service. A compromise of data integrity or confidentiality cannot be ruled out.
  • CVE-2025-61663: (needs triaging) A vulnerability has been identified in the GRUB2 bootloader's normal command that poses an immediate Denial of Service (DoS) risk. This flaw is a Use-after-Free issue, caused because the normal command is not properly unregistered when the module is unloaded. An attacker who can execute this command can force the system to access memory locations that are no longer valid. Successful exploitation leads directly to system instability, which can result in a complete crash and halt system availability. An impact on data integrity and confidentiality cannot be ruled out either.
  • CVE-2025-61664: (needs triaging) A vulnerability in the GRUB2 bootloader has been identified in the normal module. This flaw, a memory Use After Free issue, occurs because the normal_exit command is not properly unregistered when its related module is unloaded. An attacker can exploit this condition by invoking the command after the module has been removed, causing the system to improperly access a previously freed memory location. This leads to a system crash or possible impacts on data confidentiality and integrity.
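Most of the filesystem entries in the list above (squash4, reiserfs, jfs, romfs, hfs, UDF, tar, the .mo reader) reduce to one arithmetic pattern: a buffer size derived from on-disk fields overflows, grub_malloc() receives a small number, and the subsequent read copies the full attacker-chosen length. The C program below is an added example for this page, not a GRUB driver: the struct inode_meta layout, HEADER_SLACK and the disk image are constructed, and the hardened variant uses the GCC/Clang __builtin_mul_overflow/__builtin_add_overflow builtins (GRUB's own include/grub/safemath.h wraps the same builtins as grub_add()/grub_mul()). The vulnerable size computation is only evaluated and compared, never used to allocate, so the program itself does not corrupt memory.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Added illustration, not a GRUB filesystem driver. The inode_meta layout,
 * HEADER_SLACK and the disk image are constructed. The checked variant uses the
 * GCC/Clang __builtin_*_overflow builtins, which GRUB's include/grub/safemath.h
 * also wraps as grub_add()/grub_mul(). */

struct inode_meta {               /* every field comes from the untrusted image */
    uint32_t block_count;
    uint32_t block_size;
    uint32_t data_len;            /* bytes the read loop will copy into the buffer */
};

#define HEADER_SLACK 16u          /* fixed overhead the driver adds to the allocation */

/* Vulnerable shape: a 32-bit product wraps and the allocation comes out tiny. */
static uint32_t vuln_buffer_size(const struct inode_meta *m)
{
    return m->block_count * m->block_size + HEADER_SLACK;
}

/* Would the vulnerable driver copy data_len bytes into a smaller buffer? */
static int vuln_would_overflow(const struct inode_meta *m)
{
    return m->data_len > vuln_buffer_size(m);
}

/* Hardened shape: every arithmetic step is overflow-checked and the read length
 * is bounded by the allocation. Returns 0 and sets *out on success, -1 otherwise. */
static int safe_buffer_size(const struct inode_meta *m, uint32_t *out)
{
    uint32_t total;
    if (__builtin_mul_overflow(m->block_count, m->block_size, &total))
        return -1;
    if (__builtin_add_overflow(total, HEADER_SLACK, &total))
        return -1;
    if (m->data_len >= total)     /* leave room for the terminator */
        return -1;
    *out = total;
    return 0;
}

/* Read the symlink target from the image using the hardened size. */
static char *read_symlink_target(const struct inode_meta *m,
                                 const uint8_t *disk, size_t disk_len)
{
    uint32_t need;
    if (safe_buffer_size(m, &need) != 0 || m->data_len > disk_len)
        return NULL;
    char *buf = malloc(need);
    if (!buf)
        return NULL;
    memcpy(buf, disk, m->data_len);
    buf[m->data_len] = '\0';
    return buf;
}

/* Constructed inputs, not real filesystem images. */
static const struct inode_meta benign  = { 8, 512, 13 };
static const struct inode_meta crafted = { 0x10000u, 0x10000u, 4096 };  /* 2^32 wraps to 0 */
static const uint8_t disk_image[4096] = "/boot/vmlinuz";

static long long checked_size(const struct inode_meta *m)   /* -1 when rejected */
{
    uint32_t n;
    return safe_buffer_size(m, &n) == 0 ? (long long)n : -1;
}

static int target_equals(const struct inode_meta *m, const char *expected)
{
    char *t = read_symlink_target(m, disk_image, sizeof disk_image);
    int ok = t != NULL && strcmp(t, expected) == 0;
    free(t);
    return ok;
}
```

With the crafted metadata the unchecked product 0x10000 * 0x10000 wraps to 0, so the vulnerable driver would allocate 16 bytes and then copy 4096; the checked variant rejects the inode before any allocation happens. The data_len bound is the second half of the fix: a correct allocation size is not enough if the read loop trusts a separate length field.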

You can find information about how to handle these issues in the security team's documentation.
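CVE-2024-56738 in the list above is a different class from the memory-safety entries: a comparison that stops at the first differing byte leaks how long the matching prefix is, and an attacker with a timing oracle can recover the compared value byte by byte. The C program below is an added example for this page, not grub_crypto_memcmp itself; it pairs an early-exit compare with a constant-time one and runs the recovery loop against a constructed secret, using a counter of bytes examined as a stand-in for the execution time a real attacker would measure.

```c
#include <limits.h>
#include <stddef.h>
#include <string.h>

/* Added illustration, not grub_crypto_memcmp: an early-exit compare next to a
 * constant-time one, plus a byte-at-a-time recovery driven by how much work the
 * compare did. bytes_examined is instrumentation standing in for the execution
 * time a real attacker measures; the secret is constructed. */

static size_t bytes_examined;

/* Leaky: returns at the first mismatch, so the work done (and the time taken)
 * reveals how long the matching prefix is. */
static int leaky_memcmp(const void *a, const void *b, size_t n)
{
    const unsigned char *x = a, *y = b;
    bytes_examined = 0;
    for (size_t i = 0; i < n; i++) {
        bytes_examined++;
        if (x[i] != y[i])
            return x[i] < y[i] ? -1 : 1;
    }
    return 0;
}

/* Constant-time: touches every byte, folds differences with OR, has no
 * data-dependent branch. Returns 0 when equal and 1 otherwise; the result
 * carries no information about where the inputs differ. */
static int ct_memcmp(const void *a, const void *b, size_t n)
{
    const volatile unsigned char *x = a, *y = b;
    unsigned diff = 0;
    bytes_examined = 0;
    for (size_t i = 0; i < n; i++) {
        bytes_examined++;
        diff |= (unsigned)(x[i] ^ y[i]);
    }
    /* diff is 0..255; (diff | -diff) has its top bit set iff diff != 0 */
    return (int)((diff | (0u - diff)) >> (sizeof(unsigned) * CHAR_BIT - 1));
}

typedef int (*cmp_fn)(const void *, const void *, size_t);

/* Oracle-driven recovery: for each position try all 256 bytes, keep the guess
 * that made the oracle do the most work, and stop as soon as the oracle reports
 * a match (success is observable, e.g. a password check passes). Returns 1 if
 * the whole secret was recovered. */
static int recover_secret(cmp_fn cmp, const unsigned char *secret, size_t n)
{
    unsigned char guess[64] = {0};
    if (n > sizeof guess)
        return 0;
    for (size_t pos = 0; pos < n; pos++) {
        size_t best_work = 0;
        unsigned best_byte = 0;
        for (unsigned b = 0; b < 256; b++) {
            guess[pos] = (unsigned char)b;
            if (cmp(secret, guess, n) == 0)
                return 1;
            if (bytes_examined > best_work) {
                best_work = bytes_examined;
                best_byte = b;
            }
        }
        guess[pos] = (unsigned char)best_byte;
    }
    return memcmp(guess, secret, n) == 0;
}

static const unsigned char secret[] = "s3cr3t-pw";   /* constructed test secret */
#define SECRET_LEN (sizeof secret - 1)

static int recovered_with_leaky(void) { return recover_secret(leaky_memcmp, secret, SECRET_LEN); }
static int recovered_with_ct(void)    { return recover_secret(ct_memcmp, secret, SECRET_LEN); }
```

Against leaky_memcmp the loop needs at most 256 oracle queries per byte and recovers the whole secret; against ct_memcmp every query does the same amount of work, the "best guess" degenerates to the first candidate, and the recovery fails. In real code the volatile qualifier and the branch-free result are what keep an optimizing compiler from reintroducing the early exit.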

Created: 2024-12-20 Last update: 2025-12-04 12:03
Issues found with some translations

Automatic checks made by the Debian l10n team found some issues with the translations contained in this package. You should check the l10n status report for more information.

Issues can be things such as missing translations, problematic translated strings, outdated PO files, unknown languages, etc.

Created: 2020-02-26 Last update: 2025-11-03 11:00
testing migrations
  • This package will soon be part of the s390-31-bit-rm transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.
news
[rss feed]
  • [2025-12-05] grub2 2.14~git20250718.0e36779-2 MIGRATED to testing (Debian testing watch)
  • [2025-11-02] Accepted grub2 2.14~git20250718.0e36779-2 (source) into unstable (Julian Andres Klode)
  • [2025-08-12] Accepted grub2 2.14~git20250718.0e36779-1 (source) into experimental (Mate Kukri) (signed by: Julian Andres Klode)
  • [2025-07-09] grub2 2.12-9 MIGRATED to testing (Debian testing watch)
  • [2025-07-03] Accepted grub2 2.12-9 (source) into unstable (Felix Zielcke)
  • [2025-06-18] grub2 2.12-8 MIGRATED to testing (Debian testing watch)
  • [2025-06-11] Accepted grub2 2.12-8 (source) into unstable (Felix Zielcke)
  • [2025-03-23] grub2 2.12-7 MIGRATED to testing (Debian testing watch)
  • [2025-03-15] Accepted grub2 2.12-7 (source) into unstable (Felix Zielcke)
  • [2025-03-13] Accepted grub2 2.12-6 (source) into unstable (Mate Kukri) (signed by: Julian Andres Klode)
  • [2024-07-21] grub2 2.12-5 MIGRATED to testing (Debian testing watch)
  • [2024-07-15] Accepted grub2 2.12-5 (source) into unstable (Felix Zielcke)
  • [2024-07-10] Accepted grub2 2.12-4 (source) into unstable (Felix Zielcke)
  • [2024-05-03] grub2 2.12-2 MIGRATED to testing (Debian testing watch)
  • [2024-04-25] Accepted grub2 2.12-3 (source amd64) into experimental (Debian FTP Masters) (signed by: Julian Andres Klode)
  • [2024-04-07] grub2 2.12-2~deb13u1 MIGRATED to testing (Debian testing watch)
  • [2024-04-05] Accepted grub2 2.12-2 (source) into unstable (Julian Andres Klode)
  • [2024-04-05] Accepted grub2 2.12-2~deb13u1 (source) into testing-proposed-updates (Julian Andres Klode)
  • [2024-04-03] Accepted grub2 2.12-1.1 (source) into unstable (Bastian Blank)
  • [2024-03-13] Accepted grub2 2.12-1~bpo12+1 (source amd64) into stable-backports (Debian FTP Masters) (signed by: John Goerzen)
  • [2024-02-01] grub2 2.12-1 MIGRATED to testing (Debian testing watch)
  • [2024-01-23] Accepted grub2 2.12-1 (source) into unstable (Mate Kukri) (signed by: Julian Andres Klode)
  • [2024-01-12] Accepted grub2 2.12~rc1-13 (source) into unstable (Julian Andres Klode)
  • [2023-11-09] Accepted grub2 2.12~rc1-12 (source) into unstable (Julian Andres Klode)
  • [2023-10-11] grub2 2.06-13+deb13u1 MIGRATED to testing (Debian testing watch)
  • [2023-10-10] Accepted grub2 2.06-3~deb11u6 (source) into oldstable-proposed-updates (Debian FTP Masters) (signed by: Julian Andres Klode)
  • [2023-10-10] Accepted grub2 2.06-13+deb12u1 (source) into proposed-updates (Debian FTP Masters) (signed by: Julian Andres Klode)
  • [2023-10-09] Accepted grub2 2.06-13+deb13u1 (source) into testing-proposed-updates (Julian Andres Klode)
  • [2023-10-06] Accepted grub2 2.06-3~deb11u6 (source) into oldstable-security (Debian FTP Masters) (signed by: Julian Andres Klode)
  • [2023-10-06] Accepted grub2 2.06-13+deb12u1 (source) into stable-security (Debian FTP Masters) (signed by: Julian Andres Klode)
bugs [bug history graph]
  • all: 723 756
  • RC: 9
  • I&N: 545 569
  • M&W: 167 176
  • F&P: 2
  • patch: 61 75
links
  • homepage
  • lintian (453, 170)
  • buildd: logs, reproducibility, cross
  • popcon
  • browse source code
  • edit tags
  • other distros
  • security tracker
  • screenshots
  • l10n (89, -)
  • debian patches
ubuntu [Information about Ubuntu for Debian Developers]
  • version: 2.14~git20250718.0e36779-1ubuntu4
  • 281 bugs (18 patches)
  • patches for 2.14~git20250718.0e36779-1ubuntu4

Debian Package Tracker — Copyright 2013-2025 The Distro Tracker Developers
Report problems to the tracker.debian.org pseudo-package in the Debian BTS.
Documentation — Bugs — Git Repository — Contributing