DEBIAN-CVE-2020-15706

DEBIAN-CVE-2020-15706 PUBLISHED CVSS 6.400000095367432 MEDIUM

GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. This issue affects GRUB2 version 2.04 and prior versions.

Risk Scores

CVSS 3.1

6.400000095367432

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Affected Products

Vendor	Product	Versions
Debian:11	grub2	0, 0, 0
Debian:14	grub2	0, 0, 0
Debian:13	grub2	0, 0, 0
Debian:12	grub2	0, 0, 0

Timeline

Jul 29, 2020 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2020-15706 advisory

Open in Interactive Console →