Nixpkgs Security Tracker

Untriaged

Permalink CVE-2024-2312

created 4 months, 3 weeks ago

GRUB2 does not call the module fini functions on exit, …

GRUB2 does not call the module fini functions on exit, leading to Debian/Ubuntu's peimage GRUB2 module leaving UEFI system table hooks after exit. This lead to a use-after-free condition, and could possibly lead to secure boot bypass.

Affected products

grub2

<2.12-1ubuntu5

Matching in nixpkgs

pkgs.grub2_pvgrub_image

PvGrub2 image for booting PV Xen guests

nixos-unstable -
- nixpkgs-unstable

pkgs.grub2_pvhgrub_image

PvGrub2 image for booting PVH Xen guests

nixos-unstable -
- nixpkgs-unstable

Package maintainers

@hehongbo Hongbo
@digitalrane Rane <rane+git@junkyard.systems>
@CertainLach Yaroslav Bolyukin <iam@lach.pw>
@SigmaSquadron Fernando Rodrigues <alpha@sigmasquadron.net>

Suggestion detail

Affected products

Matching in nixpkgs

pkgs.grub2_pvgrub_image

pkgs.grub2_pvhgrub_image

Package maintainers