CVE-2025-0622

EUVD-2025-4773
A flaw was found in command/gpg. In some scenarios, hooks created by loaded modules are not removed when the related module is unloaded. This flaw allows an attacker to force grub2 to call the hooks once the module that registered it was unloaded, leading to a use-after-free vulnerability. If correctly exploited, this vulnerability may result in arbitrary code execution, eventually allowing the attacker to bypass secure boot protections.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.4 MEDIUM
LOCAL
HIGH
HIGH
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 18%
Debian logo
Debian Releases
Debian Product
Codename
grub2
bookworm
2.06-13+deb12u2
fixed
bookworm (security)
vulnerable
bullseye
vulnerable
bullseye (security)
2.06-3~deb11u7
fixed
forky
2.14-3
fixed
sid
2.14-3
fixed
trixie
2.12-9+deb13u2
fixed
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
grub2
suse enterprise desktop 15 SP6
2.12-150600.8.18.2
fixed
suse enterprise desktop 15 SP7
2.12-150700.17.4
fixed
suse enterprise sap 15 SP6
2.12-150600.8.18.2
fixed
suse enterprise sap 15 SP7
2.12-150700.17.4
fixed
suse enterprise server 12 SP3
2.02-150.1
fixed
suse enterprise server 12 SP5
2.02-181.2
fixed
suse enterprise server 15 SP3
2.04-150300.22.52.3
fixed
suse enterprise server 15 SP4
2.06-150400.11.55.2
fixed
suse enterprise server 15 SP5
2.06-150500.29.43.2
fixed
suse enterprise server 15 SP6
2.12-150600.8.18.2
fixed
suse enterprise server 15 SP7
2.12-150700.17.4
fixed
grub2-arm64-efi
suse enterprise desktop 15 SP6
2.12-150600.8.18.2
fixed
suse enterprise desktop 15 SP7
2.12-150700.17.4
fixed
suse enterprise sap 15 SP6
2.12-150600.8.18.2
fixed
suse enterprise sap 15 SP7
2.12-150700.17.4
fixed
suse enterprise server 12 SP5
2.02-181.2
fixed
suse enterprise server 15 SP3
2.04-150300.22.52.3
fixed
suse enterprise server 15 SP4
2.06-150400.11.55.2
fixed
suse enterprise server 15 SP5
2.06-150500.29.43.2
fixed
suse enterprise server 15 SP6
2.12-150600.8.18.2
fixed
suse enterprise server 15 SP7
2.12-150700.17.4
fixed
grub2-i386-pc
suse enterprise desktop 15 SP6
2.12-150600.8.18.2
fixed
suse enterprise desktop 15 SP7
2.12-150700.17.4
fixed
suse enterprise sap 15 SP6
2.12-150600.8.18.2
fixed
suse enterprise sap 15 SP7
2.12-150700.17.4
fixed
suse enterprise server 12 SP3
2.02-150.1
fixed
suse enterprise server 12 SP5
2.02-181.2
fixed
suse enterprise server 15 SP3
2.04-150300.22.52.3
fixed
suse enterprise server 15 SP4
2.06-150400.11.55.2
fixed
suse enterprise server 15 SP5
2.06-150500.29.43.2
fixed
suse enterprise server 15 SP6
2.12-150600.8.18.2
fixed
suse enterprise server 15 SP7
2.12-150700.17.4
fixed
grub2-powerpc-ieee1275
suse enterprise desktop 15 SP6
2.12-150600.8.18.2
fixed
suse enterprise desktop 15 SP7
2.12-150700.17.4
fixed
suse enterprise sap 15 SP6
2.12-150600.8.18.2
fixed
suse enterprise sap 15 SP7
2.12-150700.17.4
fixed
suse enterprise server 12 SP5
2.02-181.2
fixed
suse enterprise server 15 SP3
2.04-150300.22.52.3
fixed
suse enterprise server 15 SP4
2.06-150400.11.55.2
fixed
suse enterprise server 15 SP5
2.06-150500.29.43.2
fixed
suse enterprise server 15 SP6
2.12-150600.8.18.2
fixed
suse enterprise server 15 SP7
2.12-150700.17.4
fixed
grub2-s390x-emu
suse enterprise desktop 15 SP6
2.12-150600.8.18.2
fixed
suse enterprise desktop 15 SP7
2.12-150700.17.4
fixed
suse enterprise sap 15 SP6
2.12-150600.8.18.2
fixed
suse enterprise sap 15 SP7
2.12-150700.17.4
fixed
suse enterprise server 12 SP5
2.02-181.2
fixed
suse enterprise server 15 SP3
2.04-150300.22.52.3
fixed
suse enterprise server 15 SP4
2.06-150400.11.55.2
fixed
suse enterprise server 15 SP5
2.06-150500.29.43.2
fixed
suse enterprise server 15 SP6
2.12-150600.8.18.2
fixed
suse enterprise server 15 SP7
2.12-150700.17.4
fixed
grub2-snapper-plugin
suse enterprise desktop 15 SP6
2.12-150600.8.18.2
fixed
suse enterprise desktop 15 SP7
2.12-150700.17.4
fixed
suse enterprise sap 15 SP6
2.12-150600.8.18.2
fixed
suse enterprise sap 15 SP7
2.12-150700.17.4
fixed
suse enterprise server 12 SP3
2.02-150.1
fixed
suse enterprise server 12 SP5
2.02-181.2
fixed
suse enterprise server 15 SP3
2.04-150300.22.52.3
fixed
suse enterprise server 15 SP4
2.06-150400.11.55.2
fixed
suse enterprise server 15 SP5
2.06-150500.29.43.2
fixed
suse enterprise server 15 SP6
2.12-150600.8.18.2
fixed
suse enterprise server 15 SP7
2.12-150700.17.4
fixed
grub2-systemd-sleep-plugin
suse enterprise desktop 15 SP6
2.12-150600.8.18.2
fixed
suse enterprise desktop 15 SP7
2.12-150700.17.4
fixed
suse enterprise sap 15 SP6
2.12-150600.8.18.2
fixed
suse enterprise sap 15 SP7
2.12-150700.17.4
fixed
suse enterprise server 12 SP3
2.02-150.1
fixed
suse enterprise server 12 SP5
2.02-181.2
fixed
suse enterprise server 15 SP3
2.04-150300.22.52.3
fixed
suse enterprise server 15 SP4
2.06-150400.11.55.2
fixed
suse enterprise server 15 SP5
2.06-150500.29.43.2
fixed
suse enterprise server 15 SP6
2.12-150600.8.18.2
fixed
suse enterprise server 15 SP7
2.12-150700.17.4
fixed
grub2-x86_64-efi
suse enterprise desktop 15 SP6
2.12-150600.8.18.2
fixed
suse enterprise desktop 15 SP7
2.12-150700.17.4
fixed
suse enterprise sap 15 SP6
2.12-150600.8.18.2
fixed
suse enterprise sap 15 SP7
2.12-150700.17.4
fixed
suse enterprise server 12 SP3
2.02-150.1
fixed
suse enterprise server 12 SP5
2.02-181.2
fixed
suse enterprise server 15 SP3
2.04-150300.22.52.3
fixed
suse enterprise server 15 SP4
2.06-150400.11.55.2
fixed
suse enterprise server 15 SP5
2.06-150500.29.43.2
fixed
suse enterprise server 15 SP6
2.12-150600.8.18.2
fixed
suse enterprise server 15 SP7
2.12-150700.17.4
fixed
grub2-x86_64-xen
suse enterprise server 12 SP3
2.02-150.1
fixed
suse enterprise server 12 SP5
2.02-181.2
fixed
suse enterprise server 15 SP3
2.04-150300.22.52.3
fixed
suse enterprise server 15 SP4
2.06-150400.11.55.2
fixed
suse enterprise server 15 SP5
2.06-150500.29.43.2
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
grub2-common
RHEL 9
1:2.06-104.el9_6
fixed
grub2-efi-aa64
RHEL 9
1:2.06-104.el9_6
fixed
grub2-efi-aa64-cdboot
RHEL 9
1:2.06-104.el9_6
fixed
grub2-efi-aa64-modules
RHEL 9
1:2.06-104.el9_6
fixed
grub2-efi-x64
RHEL 9
1:2.06-104.el9_6
fixed
grub2-efi-x64-cdboot
RHEL 9
1:2.06-104.el9_6
fixed
grub2-efi-x64-modules
RHEL 9
1:2.06-104.el9_6
fixed
grub2-pc
RHEL 9
1:2.06-104.el9_6
fixed
grub2-pc-modules
RHEL 9
1:2.06-104.el9_6
fixed
grub2-ppc64le
RHEL 9
1:2.06-104.el9_6
fixed
grub2-ppc64le-modules
RHEL 9
1:2.06-104.el9_6
fixed
grub2-tools
RHEL 9
1:2.06-104.el9_6
fixed
grub2-tools-efi
RHEL 9
1:2.06-104.el9_6
fixed
grub2-tools-extra
RHEL 9
1:2.06-104.el9_6
fixed
grub2-tools-minimal
RHEL 9
1:2.06-104.el9_6
fixed
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
grub2-common
Amazon Linux 2023
1:2.06-61.amzn2023.0.16
fixed
grub2-debuginfo
Amazon Linux 2023
1:2.06-61.amzn2023.0.16
fixed
grub2-debugsource
Amazon Linux 2023
1:2.06-61.amzn2023.0.16
fixed
grub2-efi-aa64
Amazon Linux 2023
1:2.06-61.amzn2023.0.16
fixed
grub2-efi-aa64-cdboot
Amazon Linux 2023
1:2.06-61.amzn2023.0.16
fixed
grub2-efi-aa64-ec2
Amazon Linux 2023
1:2.06-61.amzn2023.0.16
fixed
grub2-efi-aa64-modules
Amazon Linux 2023
1:2.06-61.amzn2023.0.16
fixed
grub2-efi-x64
Amazon Linux 2023
1:2.06-61.amzn2023.0.16
fixed
grub2-efi-x64-cdboot
Amazon Linux 2023
1:2.06-61.amzn2023.0.16
fixed
grub2-efi-x64-ec2
Amazon Linux 2023
1:2.06-61.amzn2023.0.16
fixed
grub2-efi-x64-modules
Amazon Linux 2023
1:2.06-61.amzn2023.0.16
fixed
grub2-emu
Amazon Linux 2023
1:2.06-61.amzn2023.0.16
fixed
grub2-emu-debuginfo
Amazon Linux 2023
1:2.06-61.amzn2023.0.16
fixed
grub2-emu-modules
Amazon Linux 2023
1:2.06-61.amzn2023.0.16
fixed
grub2-pc
Amazon Linux 2023
1:2.06-61.amzn2023.0.16
fixed
grub2-pc-modules
Amazon Linux 2023
1:2.06-61.amzn2023.0.16
fixed
grub2-tools
Amazon Linux 2023
1:2.06-61.amzn2023.0.16
fixed
grub2-tools-debuginfo
Amazon Linux 2023
1:2.06-61.amzn2023.0.16
fixed
grub2-tools-efi
Amazon Linux 2023
1:2.06-61.amzn2023.0.16
fixed
grub2-tools-efi-debuginfo
Amazon Linux 2023
1:2.06-61.amzn2023.0.16
fixed
grub2-tools-extra
Amazon Linux 2023
1:2.06-61.amzn2023.0.16
fixed
grub2-tools-extra-debuginfo
Amazon Linux 2023
1:2.06-61.amzn2023.0.16
fixed
grub2-tools-minimal
Amazon Linux 2023
1:2.06-61.amzn2023.0.16
fixed
grub2-tools-minimal-debuginfo
Amazon Linux 2023
1:2.06-61.amzn2023.0.16
fixed