ALPINE-CVE-2020-25632 — Vulnetix

Try Vulnetix Request Demo

ALPINE-CVE-2020-25632 PUBLISHED CVSS 8.199999809265137 HIGH

A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a module used as a dependency without checking if any other dependent module is still loaded leading to a use-after-free scenario. This could allow arbitrary code to be executed or a bypass of Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Risk Scores

CVSS v3.1

8.199999809265137

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Affected Products

Vendor	Product	Versions
Alpine:v3.19	grub	2.02-r1, 2.02-r10, 2.02-r11
Alpine:v3.23	grub	2.04-r3, 2.04-r2, 2.04-r1
Alpine:v3.17	grub	0, 2.02-r0, 2.02-r11
Alpine:v3.18	grub	0, 2.02-r0, 2.02-r1
Alpine:v3.21	grub	0, 2.02-r0, 2.02-r1
Alpine:v3.22	grub	2.02-r18, 0, 2.02-r1
Alpine:v3.20	grub	2.02-r1, 2.04-r3, 2.04-r2

Timeline

Mar 3, 2021 CVE Published
Dec 3, 2025 CVE Updated
Apr 30, 2026 Distribution Patch

References

https://security.alpinelinux.org/vuln/CVE-2020-25632 advisory

Open in Interactive Console →