Total vulnerabilities in the database
GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. This issue affects GRUB2 version 2.04 and prior versions.
| Software | From | Fixed in |
|---|---|---|
| gnu / grub2 | - | 2.04.x |
| redhat / enterprise_linux | 7.0 | 7.0.x |
| canonical / ubuntu_linux | 16.04 | 16.04.x |
| debian / debian_linux | 10.0 | 10.0.x |
| canonical / ubuntu_linux | 18.04 | 18.04.x |
| suse / suse_linux_enterprise_server | 11 | 11.x |
| suse / suse_linux_enterprise_server | 12 | 12.x |
| suse / suse_linux_enterprise_server | 15 | 15.x |
| canonical / ubuntu_linux | 14.04 | 14.04.x |
| redhat / enterprise_linux | 8.0 | 8.0.x |
| redhat / openshift_container_platform | 4.0 | 4.0.x |
| canonical / ubuntu_linux | 20.04 | 20.04.x |
| microsoft / windows_server_2012 | r2 | r2.x |
| microsoft / windows_10 | 1607 | 1607.x |
| microsoft / windows_10 | 1709 | 1709.x |
| microsoft / windows_10 | 1803 | 1803.x |
| microsoft / windows_10 | 1809 | 1809.x |
| microsoft / windows_server_2016 | 1903 | 1903.x |
| microsoft / windows_10 | 1903 | 1903.x |
| microsoft / windows_server_2016 | 1909 | 1909.x |
| microsoft / windows_10 | 1909 | 1909.x |
| microsoft / windows_10 | 2004 | 2004.x |
| microsoft / windows_server_2016 | 2004 | 2004.x |
| opensuse / leap | 15.1 | 15.1.x |
| opensuse / leap | 15.2 | 15.2.x |