Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-2312

GRUB2 does not call the module fini functions on exit, leading to Debian/Ubuntu's peimage GRUB2 module leaving UEFI system table hooks after exit. This lead to a use-after-free condition, and could possibly lead to secure boot bypass.

Published

2024-04-05T20:15:09.020

Last Modified

2025-08-26T17:17:34.323

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 6.7 (MEDIUM)

Weaknesses

Type: Secondary
CWE-416

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	gnu	grub2	< 2.12-1ubuntu5	Yes
Operating System	netapp	bootstrap_os	-	Yes
Hardware	netapp	hci_compute_node	-	No

References

https://bugs.launchpad.net/ubuntu/+source/grub2-unsigned/+bug/2054127 Exploit, Issue Tracking, Patch ([email protected])
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2312 Third Party Advisory ([email protected])
https://security.netapp.com/advisory/ntap-20240426-0003/ Third Party Advisory ([email protected])
https://bugs.launchpad.net/ubuntu/+source/grub2-unsigned/+bug/2054127 Exploit, Issue Tracking, Patch (af854a3a-2127-422b-91ae-364da2661108)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2312 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20240426-0003/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)