CVE-2020-25632 - log back

CVE-2020-25632 edited at 02 Mar 2021 23:19:39
References
https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html
+ https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=7630ec5397fe418276b360f9011934b8c034936c
CVE-2020-25632 edited at 02 Mar 2021 18:16:21
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Local
Type
- Unknown
+ Arbitrary code execution
Description
+ The rmmod implementation for grub2 is flawed, allowing an attacker to unload a module used as a dependency without checking if any other dependent module is still loaded. This leads to a use-after-free scenario possibly allowing an attacker to execute arbitrary code and by-pass Secure Boot protections.
References
+ https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html
Notes
CVE-2020-25632 created at 02 Mar 2021 18:10:44