6.7 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
0.0004 Low
EPSS
Percentile
15.5%
GRUB2 does not call the module fini functions on exit, leading to
Debian/Ubuntu’s peimage GRUB2 module leaving UEFI system table hooks after
exit. This lead to a use-after-free condition, and could possibly lead to
secure boot bypass.
Author | Note |
---|---|
eslerm | the grub2 package does not affect Ubuntu’s Secure Boot grub2-unsigned contains Secure Boot security fixes grub2 and grub2-unsigned should have same major version Ubuntu Secure Boot and ESM do not cover i386 trusty’s GA kernel cannot handle new versions of grub Note that key revocation is required to protect against evil housekeeper attacks (such as BlackLotus) |
mdeslaur | this is fixed in grub2-unsigned (2.12~rc1-10ubuntu4.2) and grub2-signed (1.197.2) in mantic-proposed. |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 23.10 | noarch | grub2-signed | < any | UNKNOWN |
ubuntu | 24.04 | noarch | grub2-signed | < 1.202 | UNKNOWN |
ubuntu | 23.10 | noarch | grub2-unsigned | < any | UNKNOWN |
ubuntu | 24.04 | noarch | grub2-unsigned | < 2.12-1ubuntu7 | UNKNOWN |