Bug#1102217: CVE-2024-56738: Fix for grub_crypto_memcmp to use constant-time algorithm
Salvatore Bonaccorso
carnil at debian.org
Thu May 1 06:07:03 BST 2025
Hi Mostafa,
On Tue, Apr 29, 2025 at 04:12:03PM +0000, Amin, Mostafa wrote:
> Dear Security team,
>
> I am submitting a fix for CVE-2024-56738 affecting the GRUB2 package in Debian.
>
> Description of the vulnerability:
> GNU GRUB (aka GRUB2) through 2.12 does not use a constant-time
> algorithm for grub_crypto_memcmp and thus allows side-channel
> attacks. The current implementation returns early when a difference
> is found, which can lead to timing attacks that reveal information
> about the compared data.
>
> Affected Debian versions:
> - bookworm
> - bullseye
> - trixie/sid
>
> The fix implements a constant-time comparison algorithm that:
> 1. Uses bitwise operations (XOR and OR) instead of conditional branching
> 2. Always processes all bytes regardless of whether differences are found
> 3. Uses volatile to prevent compiler optimizations that could reintroduce timing issues
>
> I've verified that the patch is syntactically correct and implements
> proper constant-time comparison according to cryptographic best
> practices.
>
>
> I've attached the patch file to this email.
TTBOMK, this has not yet been fixed upstream itself and the upstream
bug https://savannah.gnu.org/bugs/?66603 is not yet acted on, is this
correct?
Is this correct?
If so I think the first step would be to make it accepted upstream
change at which point it can flow down to Debian as well.
Can you ping upstream on the upstream status (and report back to us as
well?). Ideally by including again the bugreport #1102217 in Debian.
Regards,
Salvatore
More information about the Pkg-grub-devel
mailing list