CVE-2020-25632
Published 2021-03-03
Severity: High, 8.2 (CVSS 3.1)
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a module used as a dependency without checking whether any other module that depends on it is still loaded, leading to a use-after-free. This could allow arbitrary code to be executed or a bypass of Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Affected
27 affected ranges (25 shown)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | grub2 | < grub2 2.04-16 (bookworm) | grub2 2.04-16 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| gnu | grub2 | < 2.06 | 2.06 |
| gnu | grub2 | — | — |
| gnu | grub2 | >= 0 < 2.04-16 | 2.04-16 |
| gnu | grub2 | >= 0 < 2.04-16 | 2.04-16 |
| gnu | grub2 | >= 0 < 2.04-16 | 2.04-16 |
| gnu | grub2 | >= 0 < 2.04-16 | 2.04-16 |
| msrc | cbl2_grub2_2.06rc1-7_on_cbl_mariner_2.0 | — | — |
| msrc | cm1_grub2_2.06rc1-4_on_cbl_mariner_1.0 | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux_server_aus | — | — |
| redhat | enterprise_linux_server_aus | — | — |
| redhat | enterprise_linux_server_aus | — | — |
| redhat | enterprise_linux_server_aus | — | — |
| redhat | enterprise_linux_server_aus | — | — |
| redhat | enterprise_linux_server_aus | — | — |
| redhat | enterprise_linux_server_eus | — | — |
| redhat | enterprise_linux_server_eus | — | — |
| redhat | enterprise_linux_server_eus | — | — |
| redhat | enterprise_linux_server_tus | — | — |
| redhat | enterprise_linux_server_tus | — | — |
| redhat | enterprise_linux_server_tus | — | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 8.2 | HIGH | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H |
| osv | — | 8.2 | HIGH | — |