Lucene search
HistoryApr 05, 2024 - 8:15 p.m.
CVE-2024-2312
grub2
module fini functions
uefi system table
secure boot bypass
use-after-free condition
6.7 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
0.0004 Low
EPSS
Percentile
15.5%
GRUB2 does not call the module fini functions on exit, leading to Debian/Ubuntu’s peimage GRUB2 module leaving UEFI system table hooks after exit. This lead to a use-after-free condition, and could possibly lead to secure boot bypass.
Related
redhatcve
redhatcve
CVE-2024-2312
2024-04-08 05:50:52
cve
cve
CVE-2024-2312
2024-04-05 20:15:09
cvelist
cvelist
CVE-2024-2312
2024-04-05 19:40:02
ubuntucve
ubuntucve
CVE-2024-2312
2024-04-05 00:00:00
debiancve
debiancve
CVE-2024-2312
2024-04-05 20:15:09
veracode
veracode
Use After Free
2024-04-15 04:22:57
6.7 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
0.0004 Low
EPSS
Percentile
15.5%
Related for NVD:CVE-2024-2312