Launchpad.net

CVE 2024-2312

GRUB2 does not call the module fini functions on exit, leading to Debian/Ubuntu's peimage GRUB2 module leaving UEFI system table hooks after exit. This lead to a use-after-free condition, and could possibly lead to secure boot bypass.

Related bugs and status

CVE-2024-2312 (Candidate) is related to these bugs:

Bug #2041827: update-grub sorts custom kernel below older/lower package kernels

		In	Importance	Status
2041827	update-grub sorts custom kernel below older/lower package kernels	grub2 (Ubuntu)	Low	Fix Released
2041827	update-grub sorts custom kernel below older/lower package kernels	grub2 (Ubuntu Mantic)	Undecided	Won't Fix
2041827	update-grub sorts custom kernel below older/lower package kernels	grub2 (Ubuntu Noble)	Low	Fix Released

Bug #2054127: grub-efi crashes upon `exit`

		In	Importance	Status
2054127	grub-efi crashes upon `exit`	grub2-unsigned (Ubuntu)	Medium	Fix Released
2054127	grub-efi crashes upon `exit`	grub2 (Debian)	Undecided	New
2054127	grub-efi crashes upon `exit`	grub2-unsigned (Ubuntu Mantic)	Undecided	New
2054127	grub-efi crashes upon `exit`	grub2-unsigned (Ubuntu Noble)	Medium	Fix Released

Bug #2057679: systemd-stub fails to boot when loaded via peimage

		In	Importance	Status
2057679	systemd-stub fails to boot when loaded via peimage	grub2-unsigned (Ubuntu)	Undecided	Fix Released
2057679	systemd-stub fails to boot when loaded via peimage	grub2-unsigned (Ubuntu Mantic)	Undecided	Fix Committed
2057679	systemd-stub fails to boot when loaded via peimage	grub2-unsigned (Ubuntu Noble)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2024-2312

Related bugs and status

Related bugs

References