- Description
- A flaw was found in command/gpg. In some scenarios, hooks created by loaded modules are not removed when the related module is unloaded. This flaw allows an attacker to force grub2 to call the hooks after the module that registered them has been unloaded, leading to a use-after-free vulnerability. If correctly exploited, this vulnerability may result in arbitrary code execution, eventually allowing the attacker to bypass secure boot protections.
- Source
- secalert@redhat.com
- NVD status
- Received
CVSS 3.1
- Type
- Primary
- Base score
- 6.4
- Impact score
- 5.9
- Exploitability score
- 0.5
- Vector string
- CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
- Severity
- MEDIUM
- secalert@redhat.com
- CWE-416
CVE-2025-0622 Use-After-Free Vulnerability in GRUB2 Modules Enabling Secure Boot Bypass https://t.co/uV3e9FNoxr
@VulmonFeeds
19 Feb 2025
New post from https://t.co/uXvPWJy6tj (CVE-2025-0622 | Red Hat Enterprise Linux/OpenShift Container Platform command-gpg use after free) has been published on https://t.co/vWOAsPuZWn
@WolfgangSesin
18 Feb 2025
CVE-2025-0622 A flaw was found in command/gpg. In some scenarios, hooks created by loaded modules are not removed when the related module is unloaded. This flaw allows an attacker to… https://t.co/aKUMYxmoMt
@CVEnew
18 Feb 2025