Lucene search

[email protected]NVD:CVE-2020-25632

HistoryMar 03, 2021 - 5:15 p.m.

CVE-2020-25632

2021-03-0317:15:11

CWE-416

[email protected]

web.nvd.nist.gov

flaw

grub2

arbitrary code

secure boot

data confidentiality

integrity

system availability

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

8.2

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

EPSS

Percentile

5.1%

JSON

A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a module used as a dependency without checking if any other dependent module is still loaded leading to a use-after-free scenario. This could allow arbitrary code to be executed or a bypass of Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Affected configurations

Nvd

Node

gnugrub2Range<2.06

Node

redhatenterprise_linuxMatch7.0

redhatenterprise_linuxMatch8.0

redhatenterprise_linux_server_ausMatch7.2

redhatenterprise_linux_server_ausMatch7.3

redhatenterprise_linux_server_ausMatch7.4

redhatenterprise_linux_server_ausMatch7.6

redhatenterprise_linux_server_ausMatch7.7

redhatenterprise_linux_server_ausMatch8.2

redhatenterprise_linux_server_eusMatch7.6

redhatenterprise_linux_server_eusMatch7.7

redhatenterprise_linux_server_eusMatch8.1

redhatenterprise_linux_server_tusMatch7.4

redhatenterprise_linux_server_tusMatch7.6

redhatenterprise_linux_server_tusMatch7.7

redhatenterprise_linux_server_tusMatch8.2

redhatenterprise_linux_workstationMatch7.0

Node

fedoraprojectfedoraMatch33

fedoraprojectfedoraMatch34

Node

netappontap_select_deploy_administration_utilityMatch-

VendorProductVersionCPE
gnugrub2*cpe:2.3:a:gnu:grub2:*:*:*:*:*:*:*:*
redhatenterprise_linux7.0cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
redhatenterprise_linux8.0cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
redhatenterprise_linux_server_aus7.2cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*
redhatenterprise_linux_server_aus7.3cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
redhatenterprise_linux_server_aus7.4cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
redhatenterprise_linux_server_aus7.6cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
redhatenterprise_linux_server_aus7.7cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*
redhatenterprise_linux_server_aus8.2cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*
redhatenterprise_linux_server_eus7.6cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
gnu	grub2	*	cpe:2.3:a:gnu:grub2::::::::
redhat	enterprise_linux	7.0	cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
redhat	enterprise_linux	8.0	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
redhat	enterprise_linux_server_aus	7.2	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:::::::*
redhat	enterprise_linux_server_aus	7.3	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*
redhat	enterprise_linux_server_aus	7.4	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
redhat	enterprise_linux_server_aus	7.6	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*
redhat	enterprise_linux_server_aus	7.7	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:::::::*
redhat	enterprise_linux_server_aus	8.2	cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:::::::*
redhat	enterprise_linux_server_eus	7.6	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:::::::*