CVE-2024-2312

Severity: 6.7 MEDIUM
EPSS: 0.0% (top 94.46%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Apr 5; Latest update Jul 18

Description

GRUB2 does not call the module fini functions on exit, so Debian/Ubuntu's peimage GRUB2 module leaves its UEFI system table hooks in place after exit. This leads to a use-after-free condition and could possibly lead to a Secure Boot bypass.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 0.8 | Impact: 5.9

Affected Packages (3 packages)

NVD: gnu/grub2 < 2.12-1ubuntu5
Debian: grub2 < 2.12-2+1
CVEListV5: debian/debian_based_gnu_grub < 2.12-1ubuntu5

Patches

Vulnerability Details (13)

OSV: linux-intel-iotg-5.15 vulnerabilities (2025-07-18)
OSV: linux-raspi vulnerabilities (2025-07-17)
OSV: linux-intel-iotg vulnerabilities (2025-07-04)
OSV: linux-xilinx-zynqmp vulnerabilities (2025-06-26)
OSV: linux-aws-fips, linux-fips, linux-gcp-fips vulnerabilities (2025-06-24)

Vendor Advisories (4)

Red Hat: kernel: wifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he() (2024-08-21)
Microsoft: GRUB2 does not call the module fini functions on exit, leading to Debian/Ubuntu's peimage GRUB2 module leaving UEFI system table hooks after exit. This lead to a use-after-free condition, and could po... (2024-04-09)
Red Hat: grub2: grub-efi crashes upon `exit` (2024-04-05)
Debian: CVE-2024-2312: grub2 - GRUB2 does not call the module fini functions on exit, leading to Debian/Ubuntu'... (2024)