Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2024-2312

Опубликовано: 05 апр. 2024
Источник: redhat
CVSS3: 6.7

Описание

GRUB2 does not call the module fini functions on exit, leading to Debian/Ubuntu's peimage GRUB2 module leaving UEFI system table hooks after exit. This lead to a use-after-free condition, and could possibly lead to secure boot bypass.

A flaw was found in GRUB2. GRUB2 do not call the module fini functions on exit, leading to Debian/Ubuntu's peimage GRUB2 module leaving the UEFI system table hooks after exit. This issue leads to a use-after-free condition, possibly leading to a secure boot bypass.

Отчет

This flaw is specific to Debian/Ubuntu and derived distributions. GRUB2 as shipped in Red Hat Enterprise Linux does not include the peimage module. Therefore, Red Hat Products are not affected by this issue.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 10grub2Not affected
Red Hat Enterprise Linux 7grub2Not affected
Red Hat Enterprise Linux 8grub2Not affected
Red Hat Enterprise Linux 9grub2Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-416
https://bugzilla.redhat.com/show_bug.cgi?id=2273912grub2: grub-efi crashes upon `exit`

6.7 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2024-2312

CVSS3: 6.7
ubuntu
почти 2 года назад

GRUB2 does not call the module fini functions on exit, leading to Debian/Ubuntu's peimage GRUB2 module leaving UEFI system table hooks after exit. This lead to a use-after-free condition, and could possibly lead to secure boot bypass.

nvd логотип

CVE-2024-2312

CVSS3: 6.7
nvd
почти 2 года назад

GRUB2 does not call the module fini functions on exit, leading to Debian/Ubuntu's peimage GRUB2 module leaving UEFI system table hooks after exit. This lead to a use-after-free condition, and could possibly lead to secure boot bypass.

msrc логотип

CVE-2024-2312

msrc
5 месяцев назад

GRUB2 does not call the module fini functions on exit, leading to Debian/Ubuntu's peimage GRUB2 module leaving UEFI system table hooks after exit. This lead to a use-after-free condition, and could possibly lead to secure boot bypass.

debian логотип

CVE-2024-2312

CVSS3: 6.7
debian
почти 2 года назад

GRUB2 does not call the module fini functions on exit, leading to Debi ...

github логотип

GHSA-975v-wj6r-fgj8

CVSS3: 6.7
github
почти 2 года назад

GRUB2 does not call the module fini functions on exit, leading to Debian/Ubuntu's peimage GRUB2 module leaving UEFI system table hooks after exit. This lead to a use-after-free condition, and could possibly lead to secure boot bypass.

6.7 Medium

CVSS3