8.2
CWE
416
Advisory Published
CVE Published
Updated

CVE-2020-25632: Use After Free

First published: Wed Sep 16 2020(Updated: )

A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a module used as a dependency without checking if any other dependent module is still loaded leading to a use-after-free scenario. This could allow arbitrary code to be executed or a bypass of Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Credit: secalert@redhat.com

Affected SoftwareAffected VersionHow to fix
redhat/grub<2.06
2.06
CentOS Grub2-pc-modules<2.06
Red Hat Enterprise Linux=7.0
Red Hat Enterprise Linux=8.0
Red Hat Enterprise Linux Server=7.2
Red Hat Enterprise Linux Server=7.3
Red Hat Enterprise Linux Server=7.4
Red Hat Enterprise Linux Server=7.6
Red Hat Enterprise Linux Server=7.7
Red Hat Enterprise Linux Server=8.2
Red Hat Enterprise Linux Server=7.6
Red Hat Enterprise Linux Server=7.7
Red Hat Enterprise Linux Server=8.1
Red Hat Enterprise Linux Server=7.4
Red Hat Enterprise Linux Server=7.6
Red Hat Enterprise Linux Server=7.7
Red Hat Enterprise Linux Server=8.2
Red Hat Enterprise Linux Workstation=7.0
Red Hat Fedora=33
Red Hat Fedora=34
NetApp ONTAP Select Deploy

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Frequently Asked Questions

  • What is the severity of CVE-2020-25632?

    CVE-2020-25632 is considered a high severity vulnerability that could allow arbitrary code execution.

  • How do I fix CVE-2020-25632?

    The recommended fix for CVE-2020-25632 is to upgrade grub2 to version 2.06 or later.

  • Which versions of grub2 are affected by CVE-2020-25632?

    Versions of grub2 prior to 2.06 are affected by CVE-2020-25632.

  • What impact does CVE-2020-25632 have on system security?

    CVE-2020-25632 can lead to a use-after-free condition, potentially allowing a bypass of security mechanisms.

  • Is CVE-2020-25632 specific to certain Linux distributions?

    Yes, CVE-2020-25632 affects multiple Linux distributions, including Red Hat Enterprise Linux and Fedora, prior to the recommended versions.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203