UBUNTU-CVE-2024-2312

Source
https://ubuntu.com/security/CVE-2024-2312
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-2312.json
JSON Data
https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2024-2312
Published
2024-04-05T00:00:00Z
Modified
2025-01-13T10:24:47Z
Severity
  • 6.7 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

GRUB2 does not call the module fini functions on exit, leading to Debian/Ubuntu's peimage GRUB2 module leaving UEFI system table hooks after exit. This leads to a use-after-free condition, and could possibly lead to secure boot bypass.

Affected packages

Ubuntu:Pro:14.04:LTS / grub2

Package

Name
grub2
Purl
pkg:deb/ubuntu/grub2@2.02~beta2-9ubuntu1.21?arch=source&distro=esm-infra-legacy/trusty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

2.*

2.00-19ubuntu2
2.00-19ubuntu3
2.00-19ubuntu4
2.00-20
2.00-21
2.00-22
2.02~beta2-5
2.02~beta2-6
2.02~beta2-7
2.02~beta2-8
2.02~beta2-9
2.02~beta2-9ubuntu1
2.02~beta2-9ubuntu1.1
2.02~beta2-9ubuntu1.2
2.02~beta2-9ubuntu1.3
2.02~beta2-9ubuntu1.4
2.02~beta2-9ubuntu1.5
2.02~beta2-9ubuntu1.6
2.02~beta2-9ubuntu1.7
2.02~beta2-9ubuntu1.8
2.02~beta2-9ubuntu1.11
2.02~beta2-9ubuntu1.12
2.02~beta2-9ubuntu1.14
2.02~beta2-9ubuntu1.15
2.02~beta2-9ubuntu1.16
2.02~beta2-9ubuntu1.17
2.02~beta2-9ubuntu1.20
2.02~beta2-9ubuntu1.21

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:14.04:LTS / grub2-signed

Package

Name
grub2-signed
Purl
pkg:deb/ubuntu/grub2-signed@1.34.24?arch=source&distro=esm-infra-legacy/trusty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

1.*

1.22
1.23
1.24
1.25
1.26
1.27
1.30
1.31
1.32
1.33
1.34
1.34.1
1.34.2
1.34.3
1.34.4
1.34.5
1.34.6
1.34.7
1.34.8
1.34.9
1.34.13
1.34.14
1.34.16
1.34.17
1.34.18
1.34.20
1.34.22
1.34.24

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.10 / grub2-signed

Package

Name
grub2-signed
Purl
pkg:deb/ubuntu/grub2-signed@1.202?arch=source&distro=oracular

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.202

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "1.202+2.12-1ubuntu7",
            "binary_name": "grub-efi-amd64-signed"
        },
        {
            "binary_version": "1.202+2.12-1ubuntu7",
            "binary_name": "grub-efi-arm64-signed"
        }
    ]
}

Ubuntu:24.10 / grub2-unsigned

Package

Name
grub2-unsigned
Purl
pkg:deb/ubuntu/grub2-unsigned@2.12-1ubuntu7?arch=source&distro=oracular

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.12-1ubuntu7

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "2.12-1ubuntu7",
            "binary_name": "grub-efi-amd64"
        },
        {
            "binary_version": "2.12-1ubuntu7",
            "binary_name": "grub-efi-amd64-bin"
        },
        {
            "binary_version": "2.12-1ubuntu7",
            "binary_name": "grub-efi-amd64-dbg"
        },
        {
            "binary_version": "2.12-1ubuntu7",
            "binary_name": "grub-efi-arm64"
        },
        {
            "binary_version": "2.12-1ubuntu7",
            "binary_name": "grub-efi-arm64-bin"
        },
        {
            "binary_version": "2.12-1ubuntu7",
            "binary_name": "grub-efi-arm64-dbg"
        }
    ]
}

Ubuntu:24.04:LTS / grub2-signed

Package

Name
grub2-signed
Purl
pkg:deb/ubuntu/grub2-signed@1.202?arch=source&distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.202

Affected versions

1.*

1.197
1.199
1.201

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "1.202+2.12-1ubuntu7",
            "binary_name": "grub-efi-amd64-signed"
        },
        {
            "binary_version": "1.202+2.12-1ubuntu7",
            "binary_name": "grub-efi-arm64-signed"
        }
    ]
}

Ubuntu:24.04:LTS / grub2-unsigned

Package

Name
grub2-unsigned
Purl
pkg:deb/ubuntu/grub2-unsigned@2.12-1ubuntu7?arch=source&distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.12-1ubuntu7

Affected versions

2.*

2.12~rc1-10ubuntu4
2.12~rc1-12ubuntu2
2.12-1ubuntu1

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "2.12-1ubuntu7",
            "binary_name": "grub-efi-amd64"
        },
        {
            "binary_version": "2.12-1ubuntu7",
            "binary_name": "grub-efi-amd64-bin"
        },
        {
            "binary_version": "2.12-1ubuntu7",
            "binary_name": "grub-efi-amd64-dbg"
        },
        {
            "binary_version": "2.12-1ubuntu7",
            "binary_name": "grub-efi-arm64"
        },
        {
            "binary_version": "2.12-1ubuntu7",
            "binary_name": "grub-efi-arm64-bin"
        },
        {
            "binary_version": "2.12-1ubuntu7",
            "binary_name": "grub-efi-arm64-dbg"
        }
    ]
}