ELSA-2025-16154

ULN >
Oracle Linux Errata repository >
ELSA-2025-16154

ELSA-2025-16154 - grub2 security update

Type:	SECURITY
Impact:	MODERATE
Release Date:	2025-09-18

Description

[2.12-15.0.1]
- efinet: Close and reopen card on failure [Orabug: 37808688]
- Update grub2 dependencies to match new Secure Boot certificate chain of trust [Orabug: 37766761]
- Fix typo in SBAT metadata [Orabug: 37693946]
- Allow installation of grub2 only with shim-aa64 that allows booting it [Orabug: 37693946]
- Enable btrfs module [Orabug: 37412995]
- Restored shim related conflicts and provide. [Orabug: 37376920]
- Rework the scripts to cover both in-place upgrade and update scenarios [Orabug: 36768566]
- Support setting custom kernels as default kernels [Orabug: 36043978]
- Bump SBAT metadata for grub to 3 [Orabug: 34872719]
- Fix CVE-2022-3775 [Orabug: 34871953]
- Enable signing for aarch64 EFI
- Fix signing certificate names
- Enable back btrfs grub module for EFI pre-built image [Orabug: 34360986]
- Replaced bugzilla.oracle.com references [Orabug: 34202300]
- Update provided certificate version to 202204 [JIRA: OLDIS-16371]
- Various coverity fixes [JIRA: OLDIS-16371]
- bump SBAT generation
- Update bug url [Orabug: 34202300]
- Revert provided certificate version back to 202102 [JIRA: OLDIS-16371]
- Update signing certificate [JIRA: OLDIS-16371]
- fix SBAT data [JIRA: OLDIS-16371]
- Update requires [JIRA: OLDIS-16371]
- Rebuild for SecureBoot signatures [Orabug: 33801813]
- Do not add shim and grub certificate deps for aarch64 packages [Orabug: 32670033]
- Update Oracle SBAT data [Orabug: 32670033]
- Use new signing certificate [Orabug: 32670033]
- honor /etc/sysconfig/kernel DEFAULTKERNEL setting for BLS [Orabug: 30643497]
- set EFIDIR as redhat for additional grub2 tools [Orabug: 29875597]
- Update upstream references [Orabug: 26388226]
- Insert Unbreakable Enterprise Kernel text into BLS config file [Orabug: 29417955]
- Put 'with' in menuentry instead of 'using' [Orabug: 18504756]
- Use different titles for UEK and RHCK kernels [Orabug: 18504756]

[2.12-15]
- 99-grub-mkconfig.install: Disable BLS and run grub2-mkconfig when GRUB_ENABLE_BLSCFG is disable
- Resolves: #RHEL-86261

Related CVEs

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 10 (aarch64)	grub2-2.12-15.0.1.el10_0.src.rpm	f8ee7659f0b728e3c438574f1f81b3edec7b81db6ec03743bd4e4e5395e840d2	-	ol10_aarch64_baseos_latest
	grub2-2.12-15.0.1.el10_0.src.rpm	f8ee7659f0b728e3c438574f1f81b3edec7b81db6ec03743bd4e4e5395e840d2	-	ol10_aarch64_u0_baseos_patch
	grub2-common-2.12-15.0.1.el10_0.noarch.rpm	84d0558e99cdb20c55a865c3de01a24ed8332783f4dd67c38264dc38892c4406	-	ol10_aarch64_baseos_latest
	grub2-common-2.12-15.0.1.el10_0.noarch.rpm	84d0558e99cdb20c55a865c3de01a24ed8332783f4dd67c38264dc38892c4406	-	ol10_aarch64_u0_baseos_patch
	grub2-efi-aa64-2.12-15.0.1.el10_0.aarch64.rpm	f826fab7460dd2fa5f39c40d07dc90f5048002b9f2338976dd33b3cd65397a44	-	ol10_aarch64_baseos_latest
	grub2-efi-aa64-2.12-15.0.1.el10_0.aarch64.rpm	f826fab7460dd2fa5f39c40d07dc90f5048002b9f2338976dd33b3cd65397a44	-	ol10_aarch64_u0_baseos_patch
	grub2-efi-aa64-cdboot-2.12-15.0.1.el10_0.aarch64.rpm	6b410d3ef794a75ee87035c4e03c49aa9fa5b28c48e54e27c7e95787b606a2ba	-	ol10_aarch64_baseos_latest
	grub2-efi-aa64-cdboot-2.12-15.0.1.el10_0.aarch64.rpm	6b410d3ef794a75ee87035c4e03c49aa9fa5b28c48e54e27c7e95787b606a2ba	-	ol10_aarch64_u0_baseos_patch
	grub2-efi-aa64-modules-2.12-15.0.1.el10_0.noarch.rpm	b325b3c478f0843ffdd54d5d545d67529c79a0ef4f950a93ccc69de276fc59c9	-	ol10_aarch64_baseos_latest
	grub2-efi-aa64-modules-2.12-15.0.1.el10_0.noarch.rpm	b325b3c478f0843ffdd54d5d545d67529c79a0ef4f950a93ccc69de276fc59c9	-	ol10_aarch64_u0_baseos_patch
	grub2-efi-x64-modules-2.12-15.0.1.el10_0.noarch.rpm	9f807df440e73c5b4b1c1334e0be6be1ce5676925a42aa317e43e50db949b427	-	ol10_aarch64_baseos_latest
	grub2-efi-x64-modules-2.12-15.0.1.el10_0.noarch.rpm	9f807df440e73c5b4b1c1334e0be6be1ce5676925a42aa317e43e50db949b427	-	ol10_aarch64_u0_baseos_patch
	grub2-tools-2.12-15.0.1.el10_0.aarch64.rpm	554e076e13c9cf85cb7ba0dc1371bc63d02e6ba6ab3232896a4ee7095b99c25c	-	ol10_aarch64_baseos_latest
	grub2-tools-2.12-15.0.1.el10_0.aarch64.rpm	554e076e13c9cf85cb7ba0dc1371bc63d02e6ba6ab3232896a4ee7095b99c25c	-	ol10_aarch64_u0_baseos_patch
	grub2-tools-extra-2.12-15.0.1.el10_0.aarch64.rpm	b9d14ad9b9d2b9f57f841498b64a37130e4ac8a5601c477b3460077e4d26c336	-	ol10_aarch64_baseos_latest
	grub2-tools-extra-2.12-15.0.1.el10_0.aarch64.rpm	b9d14ad9b9d2b9f57f841498b64a37130e4ac8a5601c477b3460077e4d26c336	-	ol10_aarch64_u0_baseos_patch
	grub2-tools-minimal-2.12-15.0.1.el10_0.aarch64.rpm	4db7c12a266de0b96c5dd7d74240bce2e8eb851959bf75229a914163f4d20130	-	ol10_aarch64_baseos_latest
	grub2-tools-minimal-2.12-15.0.1.el10_0.aarch64.rpm	4db7c12a266de0b96c5dd7d74240bce2e8eb851959bf75229a914163f4d20130	-	ol10_aarch64_u0_baseos_patch

Oracle Linux 10 (x86_64)	grub2-2.12-15.0.1.el10_0.src.rpm	f8ee7659f0b728e3c438574f1f81b3edec7b81db6ec03743bd4e4e5395e840d2	-	ol10_x86_64_baseos_latest
	grub2-2.12-15.0.1.el10_0.src.rpm	f8ee7659f0b728e3c438574f1f81b3edec7b81db6ec03743bd4e4e5395e840d2	-	ol10_x86_64_u0_baseos_patch
	grub2-common-2.12-15.0.1.el10_0.noarch.rpm	84d0558e99cdb20c55a865c3de01a24ed8332783f4dd67c38264dc38892c4406	-	ol10_x86_64_baseos_latest
	grub2-common-2.12-15.0.1.el10_0.noarch.rpm	84d0558e99cdb20c55a865c3de01a24ed8332783f4dd67c38264dc38892c4406	-	ol10_x86_64_u0_baseos_patch
	grub2-efi-aa64-modules-2.12-15.0.1.el10_0.noarch.rpm	b325b3c478f0843ffdd54d5d545d67529c79a0ef4f950a93ccc69de276fc59c9	-	ol10_x86_64_baseos_latest
	grub2-efi-aa64-modules-2.12-15.0.1.el10_0.noarch.rpm	b325b3c478f0843ffdd54d5d545d67529c79a0ef4f950a93ccc69de276fc59c9	-	ol10_x86_64_u0_baseos_patch
	grub2-efi-x64-2.12-15.0.1.el10_0.x86_64.rpm	2dde1cc40f4f5cda5f06f91738334c75e05d43fc614f1934ad3a3e3b5683d032	-	ol10_x86_64_baseos_latest
	grub2-efi-x64-2.12-15.0.1.el10_0.x86_64.rpm	2dde1cc40f4f5cda5f06f91738334c75e05d43fc614f1934ad3a3e3b5683d032	-	ol10_x86_64_u0_baseos_patch
	grub2-efi-x64-cdboot-2.12-15.0.1.el10_0.x86_64.rpm	fc018abe6df59548a5c8f2cf2156266166863bc4762c66ea78cf6426c2ebfb4e	-	ol10_x86_64_baseos_latest
	grub2-efi-x64-cdboot-2.12-15.0.1.el10_0.x86_64.rpm	fc018abe6df59548a5c8f2cf2156266166863bc4762c66ea78cf6426c2ebfb4e	-	ol10_x86_64_u0_baseos_patch
	grub2-efi-x64-modules-2.12-15.0.1.el10_0.noarch.rpm	9f807df440e73c5b4b1c1334e0be6be1ce5676925a42aa317e43e50db949b427	-	ol10_x86_64_baseos_latest
	grub2-efi-x64-modules-2.12-15.0.1.el10_0.noarch.rpm	9f807df440e73c5b4b1c1334e0be6be1ce5676925a42aa317e43e50db949b427	-	ol10_x86_64_u0_baseos_patch
	grub2-pc-2.12-15.0.1.el10_0.x86_64.rpm	c153f1aba31ade786971b1d4c503c84d75ba11e39a0edf8e2e40728be44c6bbc	-	ol10_x86_64_baseos_latest
	grub2-pc-2.12-15.0.1.el10_0.x86_64.rpm	c153f1aba31ade786971b1d4c503c84d75ba11e39a0edf8e2e40728be44c6bbc	-	ol10_x86_64_u0_baseos_patch
	grub2-pc-modules-2.12-15.0.1.el10_0.noarch.rpm	759c9538220c63294b1e4674ef5edb5747f316c59c1119a1b6af69536d2fdbf7	-	ol10_x86_64_baseos_latest
	grub2-pc-modules-2.12-15.0.1.el10_0.noarch.rpm	759c9538220c63294b1e4674ef5edb5747f316c59c1119a1b6af69536d2fdbf7	-	ol10_x86_64_u0_baseos_patch
	grub2-tools-2.12-15.0.1.el10_0.x86_64.rpm	6fb16e5d8079aafea00d2a154d6168709f670cfdcb52bcb80bd55d332d26fe82	-	ol10_x86_64_baseos_latest
	grub2-tools-2.12-15.0.1.el10_0.x86_64.rpm	6fb16e5d8079aafea00d2a154d6168709f670cfdcb52bcb80bd55d332d26fe82	-	ol10_x86_64_u0_baseos_patch
	grub2-tools-efi-2.12-15.0.1.el10_0.x86_64.rpm	41a6b7c27812103ff2a6d26daa5dac835bda37e9ef52781a5b8b02032f48619c	-	ol10_x86_64_baseos_latest
	grub2-tools-efi-2.12-15.0.1.el10_0.x86_64.rpm	41a6b7c27812103ff2a6d26daa5dac835bda37e9ef52781a5b8b02032f48619c	-	ol10_x86_64_u0_baseos_patch
	grub2-tools-extra-2.12-15.0.1.el10_0.x86_64.rpm	e63dad64d9f3fac2a507c2d60094bdaba10cdba8c8f6c5ed05905cbc1bc78383	-	ol10_x86_64_baseos_latest
	grub2-tools-extra-2.12-15.0.1.el10_0.x86_64.rpm	e63dad64d9f3fac2a507c2d60094bdaba10cdba8c8f6c5ed05905cbc1bc78383	-	ol10_x86_64_u0_baseos_patch
	grub2-tools-minimal-2.12-15.0.1.el10_0.x86_64.rpm	c74d309f69055bad041252914cfc20e9e6c07fbf5e80ae9c4e1ca982e2be4bb0	-	ol10_x86_64_baseos_latest
	grub2-tools-minimal-2.12-15.0.1.el10_0.x86_64.rpm	c74d309f69055bad041252914cfc20e9e6c07fbf5e80ae9c4e1ca982e2be4bb0	-	ol10_x86_64_u0_baseos_patch

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691