Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.Test your applications
- Snyk ID SNYK-SLES152-GRUB2X8664EFI-2686933
- published 14 Apr 2022
- disclosed 2 Mar 2021
Introduced: 2 Mar 2021CVE-2020-25632 Open this link in a new tab
How to fix?
grub2-x86_64-efi to version 2.04-9.34.1 or higher.
Note: Versions mentioned in the description apply only to the upstream
grub2-x86_64-efi package and not the
grub2-x86_64-efi package as distributed by
How to fix? for
SLES:15.2 relevant fixed versions and status.
A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a module used as a dependency without checking if any other dependent module is still loaded leading to a use-after-free scenario. This could allow arbitrary code to be executed or a bypass of Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
- E-Mail link for SUSE-SU-2021:0683-1
- Link for SUSE-SU-2021:0683-1
- SUSE Bug 1175970
- SUSE Bug 1176711
- SUSE Bug 1177883
- SUSE Bug 1179264
- SUSE Bug 1179265
- SUSE Bug 1182057
- SUSE Bug 1182262
- SUSE Bug 1182263
- SUSE Bug 1192833
- SUSE CVE CVE-2020-14372 page
- SUSE CVE CVE-2020-25632 page
- SUSE CVE CVE-2020-25647 page
- SUSE CVE CVE-2020-27749 page
- SUSE CVE CVE-2020-27779 page
- SUSE CVE CVE-2021-20225 page
- SUSE CVE CVE-2021-20233 page
- SUSE Security Ratings