CVE-2025-0622 — Use After Free in Grub2

CWE-416 — Use After Free CWE-282 — Improper Ownership Management6 documents5 sources

Severity

6.4MEDIUMNVD

EPSS

0.0%

top 99.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Grub2 Debian Grub2

Timeline

PublishedFeb 18

Latest updateMay 13

Description

A flaw was found in command/gpg. In some scenarios, hooks created by loaded modules are not removed when the related module is unloaded. This flaw allows an attacker to force grub2 to call the hooks once the module that registered it was unloaded, leading to a use-after-free vulnerability. If correctly exploited, this vulnerability may result in arbitrary code execution, eventually allowing the attacker to bypass secure boot protections.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.5 | Impact: 5.9

Affected Packages2 packages

▶debiandebian/grub2< grub2 2.12-6 (forky)

▶Debiangnu/grub2< 2.12-6+1

🔴Vulnerability Details

GHSA

GHSA-vjmw-pmxv-8c6w: A flaw was found in command/gpg↗2025-02-18

▶

OSV

CVE-2025-0622: A flaw was found in command/gpg↗2025-02-18

▶

📋Vendor Advisories

Red Hat

screen: Screen by Default Creates World Writable PTYs↗2025-05-13

▶

Red Hat

grub2: command/gpg: Use-after-free due to hooks not being removed on module unload↗2025-02-18

▶

Debian

CVE-2025-0622: grub2 - A flaw was found in command/gpg. In some scenarios, hooks created by loaded modu...↗2025

▶