A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a module used as a dependency without checking if any other dependent module is still loaded leading to a use-after-free scenario. This could allow arbitrary code to be executed or a bypass of Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Metrics
Affected Vendors & Products
Advisories
| Source | ID | Title |
|---|---|---|
Debian DSA |
DSA-4867-1 | grub2 security update |
EUVD |
EUVD-2020-18303 | A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a module used as a dependency without checking if any other dependent module is still loaded leading to a use-after-free scenario. This could allow arbitrary code to be executed or a bypass of Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. |
Ubuntu USN |
USN-4992-1 | GRUB 2 vulnerabilities |
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Sun, 13 Jul 2025 13:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
epss
|
epss
|
Status: PUBLISHED
Assigner: redhat
Published:
Updated: 2024-08-04T15:40:35.453Z
Reserved: 2020-09-16T00:00:00
Link: CVE-2020-25632
No data.
Status : Modified
Published: 2021-03-03T17:15:11.660
Modified: 2024-11-21T05:18:17.340
Link: CVE-2020-25632
OpenCVE Enrichment
No data.
Debian DSA
EUVD
Ubuntu USN