Use-After-Free Vulnerability in GRUB2 Affects Red Hat Products
CVE-2020-25632

8.2 HIGH

Key Information:

Vendor: GNU
Status: Vendor
CVE Published: 3 March 2021

Badges

👾 Exploit Exists

Summary

A flaw in GRUB2's rmmod implementation allows a module to be unloaded while other loaded modules still depend on it, leading to a use-after-free condition. This vulnerability can enable the execution of arbitrary code and potentially compromise Secure Boot protections. The impact is serious: it affects the confidentiality and integrity of data as well as overall system availability.

Affected Version(s)

grub2 grub 2.06

CVSS V3.1

Score: 8.2
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Changed

Timeline

  • Public PoC available
  • Exploit known to exist
  • Vulnerability published
  • Vulnerability Reserved