Description

GRUB2 does not call the module fini functions on exit, leading to Debian/Ubuntu's peimage GRUB2 module leaving UEFI system table hooks after exit. This lead to a use-after-free condition, and could possibly lead to secure boot bypass.

INFO

Published Date :

2024-04-05T19:40:02.848Z

Last Modified :

2025-02-13T17:33:46.314Z

Source :

canonical
AFFECTED PRODUCTS

The following products are affected by CVE-2024-2312 vulnerability.

Vendors Products
Gnu
  • Grub2
Netapp
  • Bootstrap Os
  • Hci Compute Node

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact