Thursday, March 4, 2021

Red Hat: CVE-2020-25632: Moderate: grub2 security update (Multiple Advisories)

rapid7 vulnerabilities In: , 
Description
A flaw was found in grub2. The rmmod implementation allows the unloading of a module used as a dependency without checking if any other dependent module is still loaded leading to a use-after-free scenario. This could allow arbitrary code to be executed or a bypass of Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Solution(s)
  • redhat-upgrade-grub2-common
  • redhat-upgrade-grub2-debuginfo
  • redhat-upgrade-grub2-debugsource
  • redhat-upgrade-grub2-efi-aa64-modules
  • redhat-upgrade-grub2-efi-ia32
  • redhat-upgrade-grub2-efi-ia32-cdboot
  • redhat-upgrade-grub2-efi-ia32-modules
  • redhat-upgrade-grub2-efi-x64
  • redhat-upgrade-grub2-efi-x64-cdboot
  • redhat-upgrade-grub2-efi-x64-modules
  • redhat-upgrade-grub2-pc
  • redhat-upgrade-grub2-pc-modules
  • redhat-upgrade-grub2-ppc64le-modules
  • redhat-upgrade-grub2-tools
  • redhat-upgrade-grub2-tools-debuginfo
  • redhat-upgrade-grub2-tools-efi
  • redhat-upgrade-grub2-tools-efi-debuginfo
  • redhat-upgrade-grub2-tools-extra
  • redhat-upgrade-grub2-tools-extra-debuginfo
  • redhat-upgrade-grub2-tools-minimal
  • redhat-upgrade-grub2-tools-minimal-debuginfo


    • References
  • CVE-2020-25632
  • RHSA-2021:0696
  • RHSA-2021:0697
  • RHSA-2021:0698




    •  

    Copyright © 2021 Vulnerability Database | Cyber Details™

    thank you Templateism for the design - You should have written the code a little more complicated - Nothing Encrypted anymore