VDB
ALPINE-CVE-2020-25632
ALPINE-CVE-2020-25632
PUBLISHED
CVSS 8.199999809265137 HIGH
A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a module used as a dependency without checking if any other dependent module is still loaded leading to a use-after-free scenario. This could allow arbitrary code to be executed or a bypass of Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Risk Scores
CVSS 3.1
8.199999809265137
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Alpine:v3.19 | grub | 0, 2.02-r10, 2.02-r11 |
| Alpine:v3.23 | grub | 2.02_beta3-r0, 0, 2.02-r0 |
| Alpine:v3.24 | grub | 0, 0 |
| Alpine:v3.17 | grub | 0, 2.02-r0, 2.02-r11 |
| Alpine:v3.18 | grub | 0, 2.02-r10, 2.02-r11 |
| Alpine:v3.21 | grub | 2.02-r3, 0, 2.02-r0 |
| Alpine:v3.22 | grub | 2.02-r20, 0, 0 |
| Alpine:v3.20 | grub | 0, 0, 0 |
Timeline
- Mar 3, 2021 CVE Published
- Apr 30, 2026 Distribution Patch
- Jun 15, 2026 CVE Updated