CVE-2020-25632
Description
A use-after-free flaw in grub2's rmmod command allows arbitrary code execution or Secure Boot bypass, affecting versions prior to 2.06.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A use-after-free flaw in grub2's rmmod command allows arbitrary code execution or Secure Boot bypass, affecting versions prior to 2.06.
Vulnerability
The rmmod implementation in grub2 versions prior to 2.06 is flawed, allowing the unloading of a module that is still a dependency for other loaded modules without proper checks. This leads to a use-after-free condition [1]. The bug resides in the module unloading code path and is reachable when the rmmod command is executed on a module that is a dependency.
Exploitation
An attacker with the ability to execute the rmmod command (e.g., local access to the GRUB shell or via a compromised boot configuration) can trigger the vulnerability. By unloading a module that is a dependency, the attacker causes use-after-free, potentially leveraging memory corruption to execute arbitrary code. No authentication is required beyond access to GRUB's command line.
Impact
Successful exploitation could allow arbitrary code execution within the GRUB environment, bypassing Secure Boot protections. This compromises data confidentiality, integrity, and system availability, as the attacker can run arbitrary code at boot time [3].
Mitigation
The vulnerability is fixed in grub2 version 2.06 and later. Red Hat has issued patches for various RHEL versions via RHSA-2021:0702 [1]. Gentoo recommends upgrading to >=sys-devel/grub-2.06_rc1 and re-running grub-install [3]. No workaround is available; users should apply the update.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
41- grub2/grub2description
- osv-coords39 versionspkg:rpm/almalinux/shim-aa64pkg:rpm/almalinux/shim-ia32pkg:rpm/almalinux/shim-unsigned-aarch64pkg:rpm/almalinux/shim-unsigned-x64pkg:rpm/almalinux/shim-x64pkg:rpm/opensuse/grub2&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/grub2&distro=openSUSE%20Tumbleweedpkg:rpm/suse/grub2&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/grub2&distro=SUSE%20Enterprise%20Storage%206pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOSpkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSSpkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOSpkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSSpkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP2pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSSpkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCLpkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSSpkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCLpkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSSpkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSSpkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCLpkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSSpkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSSpkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1pkg:rpm/suse/grub2&distro=SUSE%20Manager%20Proxy%204.0pkg:rpm/suse/grub2&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.0pkg:rpm/suse/grub2&distro=SUSE%20Manager%20Server%204.0pkg:rpm/suse/grub2&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/grub2&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/grub2&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/grub2&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/grub2&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209
< 15.4-2.el8_1.alma+ 38 more
- (no CPE)range: < 15.4-2.el8_1.alma
- (no CPE)range: < 15.4-2.el8_1.alma
- (no CPE)range: < 15-7.el8_1.alma
- (no CPE)range: < 15.4-4.el8_1.alma
- (no CPE)range: < 15.4-2.el8_1.alma
- (no CPE)range: < 2.04-lp152.7.22.7
- (no CPE)range: < 2.06-7.1
- (no CPE)range: < 2.02-4.69.1
- (no CPE)range: < 2.02-26.43.1
- (no CPE)range: < 2.02-26.43.1
- (no CPE)range: < 2.02-26.43.1
- (no CPE)range: < 2.02-19.66.1
- (no CPE)range: < 2.02-19.66.1
- (no CPE)range: < 2.04-9.34.1
- (no CPE)range: < 2.04-9.34.1
- (no CPE)range: < 2.02-0.66.26.1
- (no CPE)range: < 2.02-115.59.1
- (no CPE)range: < 2.02-115.59.1
- (no CPE)range: < 2.02-4.69.1
- (no CPE)range: < 2.02-4.69.1
- (no CPE)range: < 2.02-12.47.1
- (no CPE)range: < 2.02-12.47.1
- (no CPE)range: < 2.02-26.43.1
- (no CPE)range: < 2.02-26.43.1
- (no CPE)range: < 2.02-19.66.1
- (no CPE)range: < 2.02-115.59.1
- (no CPE)range: < 2.02-4.69.1
- (no CPE)range: < 2.02-12.47.1
- (no CPE)range: < 2.02-12.47.1
- (no CPE)range: < 2.02-19.66.1
- (no CPE)range: < 2.02-26.43.1
- (no CPE)range: < 2.02-26.43.1
- (no CPE)range: < 2.02-26.43.1
- (no CPE)range: < 2.02-26.43.1
- (no CPE)range: < 2.02-115.59.1
- (no CPE)range: < 2.02-4.69.1
- (no CPE)range: < 2.02-12.47.1
- (no CPE)range: < 2.02-4.69.1
- (no CPE)range: < 2.02-12.47.1
Patches
0No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
4- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZWZ36QK4IKU6MWDWNOOWKPH3WXZBHT2R/mitrevendor-advisoryx_refsource_FEDORA
- security.gentoo.org/glsa/202104-05mitrevendor-advisoryx_refsource_GENTOO
- bugzilla.redhat.com/show_bug.cgimitrex_refsource_MISC
- security.netapp.com/advisory/ntap-20220325-0001/mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.