GRUB2 does not call the module fini functions on exit, leading to Debian/Ubuntu's peimage GRUB2 module leaving UEFI system table hooks after exit. This lead to a use-after-free condition, and could possibly lead to secure boot bypass.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "2.12-1ubuntu7", "binary_name": "grub-efi-amd64" }, { "binary_version": "2.12-1ubuntu7", "binary_name": "grub-efi-amd64-bin" }, { "binary_version": "2.12-1ubuntu7", "binary_name": "grub-efi-amd64-dbg" }, { "binary_version": "2.12-1ubuntu7", "binary_name": "grub-efi-arm64" }, { "binary_version": "2.12-1ubuntu7", "binary_name": "grub-efi-arm64-bin" }, { "binary_version": "2.12-1ubuntu7", "binary_name": "grub-efi-arm64-dbg" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "2.12-1ubuntu7", "binary_name": "grub-efi-amd64" }, { "binary_version": "2.12-1ubuntu7", "binary_name": "grub-efi-amd64-bin" }, { "binary_version": "2.12-1ubuntu7", "binary_name": "grub-efi-amd64-dbg" }, { "binary_version": "2.12-1ubuntu7", "binary_name": "grub-efi-arm64" }, { "binary_version": "2.12-1ubuntu7", "binary_name": "grub-efi-arm64-bin" }, { "binary_version": "2.12-1ubuntu7", "binary_name": "grub-efi-arm64-dbg" } ] }