IM
IronMonkey Threat Research

CVE-2020-25632 HIGH

Published: 2021-03-03 | Last Modified: 2024-11-21 | Status: Modified

Description

A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a module used as a dependency without checking if any other dependent module is still loaded leading to a use-after-free scenario. This could allow arbitrary code to be executed or a bypass of Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Additional Descriptions (1)

Se encontró un fallo en grub2 en versiones anteriores a 2.06. La implementación de rmmod permite la descarga de un módulo usado como dependencia sin comprobar si algún otro módulo dependiente todavía está cargado, lo que conlleva a un escenario de uso de la memoria previamente liberada. Esto podría permitir una ejecución de código arbitraria o una omisión de las protecciones de Secure Boot. La mayor amenaza de esta vulnerabilidad es la confidencialidad e integridad de los datos, así como la disponibilidad del sistema

CVSS Metrics

Base Score: 8.2 (HIGH)

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Attack VectorLOCAL
Attack ComplexityLOW
Privileges RequiredHIGH
User InteractionNONE
ScopeCHANGED
Confidentiality ImpactHIGH
Integrity ImpactHIGH
Availability ImpactHIGH

Source: [email protected]

Type: Primary

Exploitability Score: 1.5

Impact Score: 6.0

Base Score: 7.2 (HIGH)

AV:L/AC:L/Au:N/C:C/I:C/A:C

Access VectorLOCAL
Access ComplexityLOW
AuthenticationNONE
Confidentiality ImpactCOMPLETE
Integrity ImpactCOMPLETE
Availability ImpactCOMPLETE

Source: [email protected]

Type: Primary

Exploitability Score: 3.9

Impact Score: 10.0

Weaknesses

Source Type Description
[email protected] Secondary
en CWE-416
[email protected] Primary
en CWE-416

Affected Products

Vendor Product Version Update Type
gnu grub2 * <built-in method update of dict object at 0x72a9cc41ea00> Application
redhat enterprise_linux 7.0 <built-in method update of dict object at 0x72a9b0db7f40> Operating System
redhat enterprise_linux 8.0 <built-in method update of dict object at 0x72a9b0db5a40> Operating System
redhat enterprise_linux_server_aus 7.2 <built-in method update of dict object at 0x72a9cc41d440> Operating System
redhat enterprise_linux_server_aus 7.3 <built-in method update of dict object at 0x72a9cc41c280> Operating System
redhat enterprise_linux_server_aus 7.4 <built-in method update of dict object at 0x72a9cc60c300> Operating System
redhat enterprise_linux_server_aus 7.6 <built-in method update of dict object at 0x72a9cc60c780> Operating System
redhat enterprise_linux_server_aus 7.7 <built-in method update of dict object at 0x72a9cc60c840> Operating System
redhat enterprise_linux_server_aus 8.2 <built-in method update of dict object at 0x72a9cc60fc40> Operating System
redhat enterprise_linux_server_eus 7.6 <built-in method update of dict object at 0x72a9cc60ff40> Operating System
redhat enterprise_linux_server_eus 7.7 <built-in method update of dict object at 0x72a9cd0791c0> Operating System
redhat enterprise_linux_server_eus 8.1 <built-in method update of dict object at 0x72a9b0db7680> Operating System
redhat enterprise_linux_server_tus 7.4 <built-in method update of dict object at 0x72a9cd07bf00> Operating System
redhat enterprise_linux_server_tus 7.6 <built-in method update of dict object at 0x72a9cd079200> Operating System
redhat enterprise_linux_server_tus 7.7 <built-in method update of dict object at 0x72a9b0db4e40> Operating System
redhat enterprise_linux_server_tus 8.2 <built-in method update of dict object at 0x72a9cd07a8c0> Operating System
redhat enterprise_linux_workstation 7.0 <built-in method update of dict object at 0x72a9b0db5f00> Operating System
fedoraproject fedora 33 <built-in method update of dict object at 0x72a9cc41ce00> Operating System
fedoraproject fedora 34 <built-in method update of dict object at 0x72a9cd07b500> Operating System
netapp ontap_select_deploy_administration_utility - <built-in method update of dict object at 0x72a9b0c3e800> Application

Affected Configurations

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:gnu:grub2:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_server_eus:8.1:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
Yes cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*

References

Notification
Message here