Security Advisory

CVE-2024-2312

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-04-05 19:40:02

Last updated 2025-02-13 17:33:46

Assigner canonical

State PUBLISHED

Description

GRUB2 does not call the module fini functions on exit, leading to Debian/Ubuntus peimage GRUB2 module leaving UEFI system table hooks after exit. This lead to a use-after-free condition, and could possibly lead to secure boot bypass.

← Browse all CVEs View on cve.org ↗