CVE-2024-2312 Information

Description

GRUB2 does not call the module fini functions on exit leading to Debian/Ubuntu’s peimage GRUB2 module leaving UEFI system table hooks after exit. This lead to a use-after-free condition and could possibly lead to secure boot bypass.

Reference

https://bugs.launchpad.net/ubuntu/+source/grub2-unsigned/+bug/2054127 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2312