CVE-2024-2312

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-2312

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-2312.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-2312

Related

UBUNTU-CVE-2024-2312

Published

2024-04-05T20:15:09Z

Modified

2025-01-08T09:42:40.198745Z

Summary

[none]

Details

GRUB2 does not call the module fini functions on exit, leading to Debian/Ubuntu's peimage GRUB2 module leaving UEFI system table hooks after exit. This lead to a use-after-free condition, and could possibly lead to secure boot bypass.

References

Affected packages

Debian:13 / grub2

Package

Name: grub2
Purl: pkg:deb/debian/grub2?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.12-2

Affected versions

2.*

2.06-13

2.06-13+deb13u1

2.06-13+hurd.1

2.06-13+hurd.2

2.06-14

2.12~rc1-1

2.12~rc1-2

2.12~rc1-3

2.12~rc1-6

2.12~rc1-7

2.12~rc1-8

2.12~rc1-9

2.12~rc1-10

2.12~rc1-11

2.12~rc1-12

2.12~rc1-13

2.12-1~bpo12+1

2.12-1

2.12-1.1

2.12-2~deb13u1

Ecosystem specific

{
    "urgency": "not yet assigned"
}