GRUB2 Bootloader Use-After-Free Vulnerability Leading to Denial-of-Service

Vulnerability

A use-after-free vulnerability has been identified in the GRUB2 bootloader's normal command. This issue arises because the command is not properly unregistered when the module is unloaded, allowing an attacker to invoke the command and access invalid memory locations. Exploitation of this vulnerability causes system instability, potentially leading to a complete crash and loss of system availability. There are also concerns about possible impacts on data integrity and confidentiality.
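The lifecycle flaw described above, reduced to a toy command registry as an added example; this is not GRUB source code, and every name in it (cmd_register, mod_fini_buggy, demo and the rest) is hypothetical. It contrasts a module teardown that leaves its command registered with one that unregisters first, and adds a dispatcher guard, assumed here as a defence-in-depth check, so the stale entry is detected rather than called:

```c
#include <stdio.h>
#include <string.h>

/* Toy model, not GRUB source: all names here are hypothetical. */
typedef int (*cmd_fn)(void);
struct module  { const char *name; int loaded; };
struct command { const char *name; cmd_fn fn; struct module *owner; int used; };
static struct command registry[8];

static struct command *cmd_register(const char *name, cmd_fn fn, struct module *m) {
    for (int i = 0; i < 8; i++)
        if (!registry[i].used) {
            registry[i] = (struct command){ name, fn, m, 1 };
            return &registry[i];
        }
    return NULL;                        /* registry full */
}
static void cmd_unregister(struct command *c) { if (c) memset(c, 0, sizeof *c); }

static struct command *cmd_find(const char *name) {
    for (int i = 0; i < 8; i++)
        if (registry[i].used && strcmp(registry[i].name, name) == 0)
            return &registry[i];
    return NULL;
}

/* Dispatcher guard: refuse entries whose owning module is gone. */
static int cmd_invoke(const char *name) {
    struct command *c = cmd_find(name);
    if (!c) return -1;                  /* command no longer registered */
    if (!c->owner->loaded) return -2;   /* stale entry: a call would be a use-after-free */
    return c->fn();
}

static int normal_body(void) { return 0; }

/* Teardown that forgets to unregister: the pattern the advisory describes. */
static void mod_fini_buggy(struct module *m, struct command *c) { (void)c; m->loaded = 0; }
/* Teardown that unregisters before the module goes away. */
static void mod_fini_fixed(struct module *m, struct command *c) { cmd_unregister(c); m->loaded = 0; }

/* Load the module, unload it with the chosen teardown, then try the command. */
static int demo(int fixed) {
    static struct module m = { "normal", 0 };
    memset(registry, 0, sizeof registry);
    m.loaded = 1;
    struct command *c = cmd_register("normal", normal_body, &m);
    if (fixed) mod_fini_fixed(&m, c); else mod_fini_buggy(&m, c);
    return cmd_invoke("normal");
}
int main(void) { printf("buggy=%d fixed=%d\n", demo(0), demo(1)); return 0; }
```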

Impact

Exploitation of this vulnerability causes a denial-of-service condition by crashing the system, disrupting normal operations, and halting system availability. Additionally, there are potential impacts on data integrity and confidentiality.

Added: Nov 18, 2025, 7:20 PM
Updated: Nov 18, 2025, 7:20 PM

Vulnerability Rating

Custom Algorithm

spread: 8.4
impact: 3.8
exploitability: 3.3
remediation: 0.0
relevance: 1.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.