CVE-2024-2312

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-2312

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-2312.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-2312

Downstream

DEBIAN-CVE-2024-2312

UBUNTU-CVE-2024-2312

Published

2024-04-05T20:15:09Z

Modified

2025-08-26T17:17:34Z

Summary

[none]

Details

GRUB2 does not call the module fini functions on exit, leading to Debian/Ubuntu's peimage GRUB2 module leaving UEFI system table hooks after exit. This lead to a use-after-free condition, and could possibly lead to secure boot bypass.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2312
https://security.netapp.com/advisory/ntap-20240426-0003/
https://bugs.launchpad.net/ubuntu/+source/grub2-unsigned/+bug/2054127

CVE-2024-2312

Affected packages