Bug#1102217: CVE-2024-56738: Fix for grub_crypto_memcmp to use constant-time algorithm

Amin, Mostafa Mostafa.Amin at windriver.com
Fri May 2 15:32:47 BST 2025 


Hi Salvatore,

Following up on your request, I checked the upstream GRUB bug report for this issue: https://savannah.gnu.org/bugs/?66603

The bug is still open. A maintainer (Vladimir Serbinenko)  commented in December 2024 about a plan to switch to libgcrypt functions, but there hasn't been recent activity.

I have added a comment to the upstream bug report asking for an update on the libgcrypt plan and whether applying the direct constant-time fix (similar to the one proposed upstream and the patch I submitted here) would be acceptable in the meantime, given the ongoing impact on Debian.

I will report back here if there are further updates from upstream.

Thanks,
Mostafa

________________________________
From: Salvatore Bonaccorso <salvatore.bonaccorso at gmail.com> on behalf of Salvatore Bonaccorso <carnil at debian.org>
Sent: Thursday, May 1, 2025 1:07 AM
To: Amin, Mostafa <Mostafa.Amin at windriver.com>
Cc: pkg-grub-devel at alioth-lists.debian.net <pkg-grub-devel at alioth-lists.debian.net>; team at security.debian.org <team at security.debian.org>; 1102217 at bugs.debian.org <1102217 at bugs.debian.org>
Subject: Re: CVE-2024-56738: Fix for grub_crypto_memcmp to use constant-time algorithm

CAUTION: This email comes from a non Wind River email account!
Do not click links or open attachments unless you recognize the sender and know the content is safe.

Hi Mostafa,

On Tue, Apr 29, 2025 at 04:12:03PM +0000, Amin, Mostafa wrote:
> Dear Security team,
>
> I am submitting a fix for CVE-2024-56738 affecting the GRUB2 package in Debian.
>
> Description of the vulnerability:
> GNU GRUB (aka GRUB2) through 2.12 does not use a constant-time
> algorithm for grub_crypto_memcmp and thus allows side-channel
> attacks. The current implementation returns early when a difference
> is found, which can lead to timing attacks that reveal information
> about the compared data.
>
> Affected Debian versions:
> - bookworm
> - bullseye
> - trixie/sid
>
> The fix implements a constant-time comparison algorithm that:
> 1. Uses bitwise operations (XOR and OR) instead of conditional branching
> 2. Always processes all bytes regardless of whether differences are found
> 3. Uses volatile to prevent compiler optimizations that could reintroduce timing issues
>
> I've verified that the patch is syntactically correct and implements
> proper constant-time comparison according to cryptographic best
> practices.
>
>
> I've attached the patch file to this email.

TTBOMK, this has not yet been fixed upstream itself and the upstream
bug https://savannah.gnu.org/bugs/?66603 is not yet acted on, is this
correct?

Is this correct?

If so I think the first step would be to make it accepted upstream
change at which point it can flow down to Debian as well.

Can you ping upstream on the upstream status (and report back to us as
well?). Ideally by including again the bugreport #1102217 in Debian.

Regards,
Salvatore
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-grub-devel/attachments/20250502/5f32c9e4/attachment.htm>

More information about the Pkg-grub-devel mailing list