Home > Vulnerability Database > CVE-2024-2312

Mend.io Vulnerability Database

CVE-2024-2312

Good to know:

Date: April 5, 2024

GRUB2 does not call the module fini functions on exit, leading to Debian/Ubuntu's peimage GRUB2 module leaving UEFI system table hooks after exit. This lead to a use-after-free condition, and could possibly lead to secure boot bypass.

Language: C

Severity Score

6.7

Related Resources (6)

Url: https://security-tracker.debian.org/tracker/CVE-2024-2312

Url: https://bugs.launchpad.net/ubuntu/+source/grub2-unsigned/+bug/2054127

Url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2312

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-2312

Url: https://security.netapp.com/advisory/ntap-20240426-0003/

Url: https://www.mend.io/vulnerability-database/CVE-2024-2312

Severity Score

6.7

Top Fix

Upgrade Version

Upgrade to version 812bbe4c429b8ff7884be7a8d8429156f1019d28

Learn More

CVSS v3.1

Base Score:	6.7
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-2312

Good to know:

Date: April 5, 2024

Language: C

Severity Score

Related Resources (6)

Severity Score

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?