Описание
A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a module used as a dependency without checking if any other dependent module is still loaded leading to a use-after-free scenario. This could allow arbitrary code to be executed or a bypass of Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
A flaw was found in grub2. The rmmod implementation allows the unloading of a module used as a dependency without checking if any other dependent module is still loaded leading to a use-after-free scenario. This could allow arbitrary code to be executed or a bypass of Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 7 | fwupd | Affected | ||
| Red Hat Enterprise Linux 7 | fwupdate | Affected | ||
| Red Hat Enterprise Linux 7 | shim | Not affected | ||
| Red Hat Enterprise Linux 8 | fwupdate | Will not fix | ||
| Red Hat Enterprise Linux 7 | grub2 | Fixed | RHSA-2021:0699 | 02.03.2021 |
| Red Hat Enterprise Linux 7.2 Advanced Update Support | grub2 | Fixed | RHSA-2021:0704 | 02.03.2021 |
| Red Hat Enterprise Linux 7.3 Advanced Update Support | grub2 | Fixed | RHSA-2021:0703 | 02.03.2021 |
| Red Hat Enterprise Linux 7.4 Advanced Update Support | grub2 | Fixed | RHSA-2021:0702 | 02.03.2021 |
| Red Hat Enterprise Linux 7.4 Telco Extended Update Support | grub2 | Fixed | RHSA-2021:0702 | 02.03.2021 |
| Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions | grub2 | Fixed | RHSA-2021:0702 | 02.03.2021 |
Показывать по
Дополнительная информация
Статус:
7.5 High
CVSS3
Связанные уязвимости
A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a module used as a dependency without checking if any other dependent module is still loaded leading to a use-after-free scenario. This could allow arbitrary code to be executed or a bypass of Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a module used as a dependency without checking if any other dependent module is still loaded leading to a use-after-free scenario. This could allow arbitrary code to be executed or a bypass of Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
A flaw was found in grub2 in versions prior to 2.06. The rmmod impleme ...
A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a module used as a dependency without checking if any other dependent module is still loaded leading to a use-after-free scenario. This could allow arbitrary code to be executed or a bypass of Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
7.5 High
CVSS3