Use-After-Free Vulnerability in GRUB2 Affects Red Hat Products
CVE-2020-25632

8.2HIGH

Key Information:

Vendor: Gnu
Status: Grub2
Vendor: CVE Published:; 3 March 2021

Badges

👾 Exploit Exists

What is CVE-2020-25632?

A flaw in GRUB2's rmmod implementation allows for the unloading of a module that may still have dependencies in use, leading to a use-after-free condition. This vulnerability can enable the execution of arbitrary code and potentially compromise Secure Boot protections. The implications are serious, impacting the confidentiality and integrity of data as well as overall system availability.

Affected Version(s)

grub2 grub 2.06

References

https://bugzilla.redhat.com/show_bug.cgi?id=1879577

x_refsource_MISC

https://lists.fedoraproject.org/archives/list/package-ann...

vendor-advisoryx_refsource_FEDORA

https://security.gentoo.org/glsa/202104-05

vendor-advisoryx_refsource_GENTOO

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Jul 19, 2022
👾
Exploit known to exist
Jul 19, 2022
Vulnerability published
Mar 3, 2021
Vulnerability Reserved
Sep 16, 2020

Gnu

Badges

What is CVE-2020-25632?

Affected Version(s)

References

CVSS V3.1

Timeline