Уязвимость CVE-2020-25632: Информация
Описание
A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a module used as a dependency without checking if any other dependent module is still loaded leading to a use-after-free scenario. This could allow arbitrary code to be executed or a bypass of Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Важность: HIGH (8,2) Вектор: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Исправленные пакеты
Имя пакета | Ветка | Исправлено в версии | Версия в репозитории | Errata ID | № Задания | Состояние |
---|---|---|---|---|---|---|
grub | sisyphus | 2.06-alt1.rc1 | 2.06-alt19 | ALT-PU-2021-1969-1 | 272133 | Исправлено |
grub | sisyphus_riscv64 | 2.06-alt0.5.rv64.3 | 2.06-alt0.5.rv64.3 | ALT-PU-2022-4067-1 | - | Исправлено |
grub | p10 | 2.06-alt1.rc1 | 2.06-alt17 | ALT-PU-2021-1969-1 | 272133 | Исправлено |
grub | c10f1 | 2.06-alt1.rc1 | 2.06-alt7 | ALT-PU-2021-1969-1 | 272133 | Исправлено |
grub | c9f2 | 2.06-alt4 | 2.06-alt4 | ALT-PU-2021-3464-1 | 291032 | Исправлено |
grub | p11 | 2.06-alt1.rc1 | 2.06-alt19 | ALT-PU-2021-1969-1 | 272133 | Исправлено |
Ссылки на рекомендации, решения и инструменты
Ссылка | Ресурс |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1879577 |
|
GLSA-202104-05 |
|
https://security.netapp.com/advisory/ntap-20220325-0001/ |
|
FEDORA-2021-cab258a413 |