Untriaged
Permalink
CVE-2024-2312
6.7 MEDIUM
- CVSS version: 3.1
- Attack vector (AV): LOCAL
- Attack complexity (AC): LOW
- Privileges required (PR): HIGH
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): HIGH
- Availability impact (A): HIGH
GRUB2 does not call the module fini functions on exit, …
GRUB2 does not call the module fini functions on exit, leading to Debian/Ubuntu's peimage GRUB2 module leaving UEFI system table hooks after exit. This lead to a use-after-free condition, and could possibly lead to secure boot bypass.
References
- https://bugs.launchpad.net/ubuntu/+source/grub2-unsigned/+bug/2054127 issue-tracking
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2312 issue-tracking
- https://bugs.launchpad.net/ubuntu/+source/grub2-unsigned/+bug/2054127 issue-tracking
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2312 issue-tracking
- https://security.netapp.com/advisory/ntap-20240426-0003/
- https://bugs.launchpad.net/ubuntu/+source/grub2-unsigned/+bug/2054127 issue-tracking
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2312 issue-tracking
- https://security.netapp.com/advisory/ntap-20240426-0003/
- https://bugs.launchpad.net/ubuntu/+source/grub2-unsigned/+bug/2054127 issue-tracking x_transferred
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2312 issue-tracking x_transferred
- https://security.netapp.com/advisory/ntap-20240426-0003/ x_transferred
- https://bugs.launchpad.net/ubuntu/+source/grub2-unsigned/+bug/2054127 issue-tracking
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2312 issue-tracking
- https://security.netapp.com/advisory/ntap-20240426-0003/
- https://bugs.launchpad.net/ubuntu/+source/grub2-unsigned/+bug/2054127 issue-tracking x_transferred
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2312 issue-tracking x_transferred
- https://security.netapp.com/advisory/ntap-20240426-0003/ x_transferred
- https://bugs.launchpad.net/ubuntu/+source/grub2-unsigned/+bug/2054127 issue-tracking
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2312 issue-tracking
- https://security.netapp.com/advisory/ntap-20240426-0003/
- https://security.netapp.com/advisory/ntap-20240426-0003/ x_transferred
- https://bugs.launchpad.net/ubuntu/+source/grub2-unsigned/+bug/2054127 issue-tracking x_transferred
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2312 issue-tracking x_transferred
Affected products
grub2
- <2.12-1ubuntu5
Matching in nixpkgs
pkgs.grub2_pvgrub_image
PvGrub2 image for booting PV Xen guests
pkgs.grub2_pvhgrub_image
PvGrub2 image for booting PVH Xen guests
Package maintainers
-
@hehongbo Hongbo
-
@CertainLach Yaroslav Bolyukin <iam@lach.pw>
-
@SigmaSquadron Fernando Rodrigues <alpha@sigmasquadron.net>