diff --git a/debian/patches/cve_2025_02_multiple/0205-fs-xfs-Handle-root-inode-read-failure-in-grub_xfs_mo.patch b/debian/patches/cve_2025_02_multiple/0205-fs-xfs-Handle-root-inode-read-failure-in-grub_xfs_mo.patch
new file mode 100644
index 000000000..a21772d64
--- /dev/null
+++ b/debian/patches/cve_2025_02_multiple/0205-fs-xfs-Handle-root-inode-read-failure-in-grub_xfs_mo.patch
@@ -0,0 +1,27 @@
+From: Egor Ignatov
+Date: Thu, 23 Jan 2025 20:44:13 +0300
+Subject: fs/xfs: Handle root inode read failure in grub_xfs_mount
+MIME-Version: 1.0
+Content-Type: text/plain; charset="utf-8"
+Content-Transfer-Encoding: 8bit
+
+Signed-off-by: Egor Ignatov
+FG: cherry-picked from grub-devel 20250123174415.1251915-2-egori@altlinux.org
+Signed-off-by: Fabian Grünbichler
+---
+ grub-core/fs/xfs.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/grub-core/fs/xfs.c b/grub-core/fs/xfs.c
+index cc50feb..366974c 100644
+--- a/grub-core/fs/xfs.c
++++ b/grub-core/fs/xfs.c
+@@ -1021,6 +1021,8 @@ grub_xfs_mount (grub_disk_t disk)
+ grub_cpu_to_be64(data->sblock.rootino));
+
+ grub_xfs_read_inode (data, data->diropen.ino, &data->diropen.inode);
++ if (grub_errno)
++ goto fail;
+
+ return data;
+ fail:
diff --git a/debian/patches/cve_2025_02_multiple/0206-fs-xfs-Fix-grub_xfs_iterate_dir-return-value-in-case.patch b/debian/patches/cve_2025_02_multiple/0206-fs-xfs-Fix-grub_xfs_iterate_dir-return-value-in-case.patch
new file mode 100644
index 000000000..4f14b6d33
--- /dev/null
+++ b/debian/patches/cve_2025_02_multiple/0206-fs-xfs-Fix-grub_xfs_iterate_dir-return-value-in-case.patch
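Review bot: In patch 0205, the added check in grub_xfs_mount() tests the global grub_errno instead of the value returned by grub_xfs_read_inode(), so its outcome depends on grub_errno being clear when the call is made. Patch 0207 in this series shows the same file capturing that return value (`err = grub_xfs_read_inode (...)` in iterate_dir_call_hook), and testing it here would tie the check to this call alone: `if (grub_xfs_read_inode (data, data->diropen.ino, &data->diropen.inode)) goto fail;`. A one-line comment such as `/* Refuse the mount when the root inode cannot be read or is rejected as incorrect. */` would record why the check exists. The rest of grub_xfs_mount() and the code under `fail:` lie outside the hunk, so the cleanup on that path could not be checked here.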
@@ -0,0 +1,53 @@
+From: Egor Ignatov
+Date: Thu, 23 Jan 2025 20:44:14 +0300
+Subject: fs/xfs: Fix grub_xfs_iterate_dir return value in case of failure
+MIME-Version: 1.0
+Content-Type: text/plain; charset="utf-8"
+Content-Transfer-Encoding: 8bit
+
+Commit ef7850c757 introduced multiple boundary checks in grub_xfs_iterate_dir()
+but handled the error incorrectly returning error code instead of 0.
+
+Also change the error message so that it doesn't match the message
+in grub_xfs_read_inode().
+
+Fixes: ef7850c757 (fs/xfs: Fix issues found while fuzzing the XFS filesystem)
+
+Signed-off-by: Egor Ignatov
+FG: cherry-picked from grub-devel 20250123174415.1251915-2-egori@altlinux.org
+with adapted context
+Signed-off-by: Fabian Grünbichler
+---
+ grub-core/fs/xfs.c | 12 +++++++++---
+ 1 file changed, 9 insertions(+), 3 deletions(-)
+
+diff --git a/grub-core/fs/xfs.c b/grub-core/fs/xfs.c
+index 366974c..e80a7b0 100644
+--- a/grub-core/fs/xfs.c
++++ b/grub-core/fs/xfs.c
+@@ -839,7 +839,11 @@ grub_xfs_iterate_dir (grub_fshelp_node_t dir,
+ grub_uint8_t c;
+
+ if ((inopos + (smallino ? 4 : 8)) > (grub_uint8_t *) dir + grub_xfs_fshelp_size (dir->data))
+- return grub_error (GRUB_ERR_BAD_FS, "not a correct XFS inode");
++ {
++ grub_error (GRUB_ERR_BAD_FS, "invalid XFS inode");
++ return 0;
++ }
++
+
+ /* inopos might be unaligned. */
+ if (smallino)
+@@ -869,8 +873,10 @@ grub_xfs_iterate_dir (grub_fshelp_node_t dir,
+ de = grub_xfs_inline_next_de(dir->data, head, de);
+
+ if ((grub_uint8_t *) de >= (grub_uint8_t *) dir + grub_xfs_fshelp_size (dir->data))
+- return grub_error (GRUB_ERR_BAD_FS, "invalid XFS directory entry");
+-
++ {
++ grub_error (GRUB_ERR_BAD_FS, "invalid XFS directory entry");
++ return 0;
++ }
+ }
+ break;
+ }
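Review bot: In patch 0206, both bounds-check failures in grub_xfs_iterate_dir() now return 0, which appears to be the same value a caller sees when the hook never asks to stop (inferred from the `return 1` paths visible in patch 0207), so the failure is carried only by grub_errno. That contract is worth a comment at each site, for example `/* Return 0, not the error code: the return value is a stop flag and the failure is reported through grub_errno. */`, so a later edit does not reintroduce `return grub_error (...)`. The first hunk also adds a blank line directly before an existing one, leaving two consecutive blank lines ahead of the `/* inopos might be unaligned. */` comment; the added one can be dropped. The function starts and ends outside both hunks.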
diff --git a/debian/patches/cve_2025_02_multiple/0207-fs-xfs-Propagate-incorrect-inode-error-from-grub_xfs.patch b/debian/patches/cve_2025_02_multiple/0207-fs-xfs-Propagate-incorrect-inode-error-from-grub_xfs.patch
new file mode 100644
index 000000000..14de0bde6
--- /dev/null
+++ b/debian/patches/cve_2025_02_multiple/0207-fs-xfs-Propagate-incorrect-inode-error-from-grub_xfs.patch
@@ -0,0 +1,75 @@
+From: Egor Ignatov
+Date: Thu, 23 Jan 2025 20:44:15 +0300
+Subject: fs/xfs: Propagate incorrect inode error from grub_xfs_read_inode
+MIME-Version: 1.0
+Content-Type: text/plain; charset="utf-8"
+Content-Transfer-Encoding: 8bit
+
+The incorrect inode error from grub_xfs_read_inode did not propagate because
+grub_print_error() resetted grub_errno, and grub_xfs_iterate_dir() did not
+handle it at all.
+
+Signed-off-by: Egor Ignatov
+FG: cherry-picked from grub-devel 20250123174415.1251915-2-egori@altlinux.org
+ with adapted context
+Signed-off-by: Fabian Grünbichler
+---
+ grub-core/fs/xfs.c | 14 ++++++++++++--
+ 1 file changed, 12 insertions(+), 2 deletions(-)
+
+diff --git a/grub-core/fs/xfs.c b/grub-core/fs/xfs.c
+index e80a7b0..98fd53b 100644
+--- a/grub-core/fs/xfs.c
++++ b/grub-core/fs/xfs.c
+@@ -777,7 +777,6 @@ static int iterate_dir_call_hook (grub_uint64_t ino, const char *filename,
+ fdiro = grub_malloc (sz);
+ if (!fdiro)
+ {
+- grub_print_error ();
+ return 0;
+ }
+
+@@ -789,7 +788,6 @@ static int iterate_dir_call_hook (grub_uint64_t ino, const char *filename,
+ err = grub_xfs_read_inode (ctx->diro->data, ino, &fdiro->inode);
+ if (err)
+ {
+- grub_print_error ();
+ return 0;
+ }
+
+@@ -828,9 +826,13 @@ grub_xfs_iterate_dir (grub_fshelp_node_t dir,
+ /* Synthesize the direntries for `.' and `..'.
*/
+ if (iterate_dir_call_hook (diro->ino, ".", &ctx))
+ return 1;
++ else if (grub_errno)
++ return 0;
+
+ if (iterate_dir_call_hook (parent, "..", &ctx))
+ return 1;
++ else if (grub_errno)
++ return 0;
+
+ for (i = 0; i < head->count; i++)
+ {
+@@ -870,6 +872,9 @@ grub_xfs_iterate_dir (grub_fshelp_node_t dir,
+ }
+ de->name[de->len] = c;
+
++ if (grub_errno)
++ return 0;
++
+ de = grub_xfs_inline_next_de(dir->data, head, de);
+
+ if ((grub_uint8_t *) de >= (grub_uint8_t *) dir + grub_xfs_fshelp_size (dir->data))
+@@ -955,6 +960,11 @@ grub_xfs_iterate_dir (grub_fshelp_node_t dir,
+ grub_free (dirblock);
+ return 1;
+ }
++ else if (grub_errno)
++ {
++ grub_free (dirblock);
++ return 0;
++ }
+
+ /* Check if last direntry in this block is
+ reached. */
diff --git a/debian/patches/series b/debian/patches/series
index d7cdedd61..b3c6c879b 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -201,3 +201,6 @@ cve_2025_02_multiple/0201-kern-misc-Add-sanity-check-after-grub_strtoul-call.pat
 cve_2025_02_multiple/0202-loader-i386-linux-Cast-left-shift-to-grub_uint32_t.patch
 cve_2025_02_multiple/0203-loader-i386-bsd-Use-safe-math-to-avoid-underflow.patch
 cve_2025_02_multiple/0204-fs-ext2-Rework-out-of-bounds-read-for-inline-and-ext.patch
+cve_2025_02_multiple/0205-fs-xfs-Handle-root-inode-read-failure-in-grub_xfs_mo.patch
+cve_2025_02_multiple/0206-fs-xfs-Fix-grub_xfs_iterate_dir-return-value-in-case.patch
+cve_2025_02_multiple/0207-fs-xfs-Propagate-incorrect-inode-error-from-grub_xfs.patch
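Review bot: In patch 0207, the error path after `err = grub_xfs_read_inode (...)` in iterate_dir_call_hook() returns 0 without releasing `fdiro`, which the previous hunk shows being obtained from `grub_malloc (sz)`; no visible line frees it, although a few lines between the two hunks are not shown. The block should release the node before returning: add `grub_free (fdiro);` ahead of `return 0;`, matching the `grub_free (dirblock);` the last hunk of this patch adds on its own error path. The new `if (grub_errno)` tests in grub_xfs_iterate_dir() also assume grub_errno is clear on entry, which depends on callers outside this patch and is worth confirming. Both functions start and end outside the hunks shown.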