Lucene search
HistoryApr 05, 2024 - 8:15 p.m.
CVE-2024-2312
grub2
secure boot
use-after-free
debian
ubuntu
uefi
6.7 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
0.0004 Low
EPSS
Percentile
15.7%
GRUB2 does not call the module fini functions on exit, leading to Debian/Ubuntu’s peimage GRUB2 module leaving UEFI system table hooks after exit. This lead to a use-after-free condition, and could possibly lead to secure boot bypass.
CNA Affected
[
{
"packageName": "grub2",
"product": "Debian based GNU GRUB",
"vendor": "Debian",
"repo": "https://git.savannah.gnu.org/cgit/grub.git",
"platforms": [
"Linux"
],
"versions": [
{
"lessThan": "2.12-1ubuntu5",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
]Related
redhatcve
redhatcve
CVE-2024-2312
2024-04-08 05:50:52
cvelist
cvelist
CVE-2024-2312
2024-04-05 19:40:02
ubuntucve
ubuntucve
CVE-2024-2312
2024-04-05 00:00:00
debiancve
debiancve
CVE-2024-2312
2024-04-05 20:15:09
veracode
veracode
Use After Free
2024-04-15 04:22:57
nvd
nvd
CVE-2024-2312
2024-04-05 20:15:09
6.7 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
0.0004 Low
EPSS
Percentile
15.7%
Related for CVE-2024-2312