GRUB2 Bootloader Normal Module Use-After-Free Vulnerability

Vulnerability

A use-after-free vulnerability has been identified in the GRUB2 bootloader's normal module. This issue arises because the normal_exit command is not properly unregistered when the module is unloaded. An attacker can exploit this vulnerability by invoking the command after the module has been removed, leading to a system crash or potential unauthorized access to previously freed memory. Such exploitation could disrupt system stability or allow for unauthorized code execution.

Impact

Exploitation of this vulnerability can cause a system crash or unauthorized access to memory, potentially leading to exploitation of other vulnerabilities or execution of arbitrary code.

Added: Nov 18, 2025, 7:19 PM

Updated: Nov 18, 2025, 7:19 PM

Vulnerability Rating

Custom Algorithm

spread

8.4

impact

2.5

exploitability

4.3

remediation

0.0

relevance

1.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

8.4

impact

2.5

exploitability

4.3

remediation

0.0

relevance

1.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

GRUB2 Bootloader Normal Module Use-After-Free Vulnerability

Vulnerability

Impact

Affected Products

GRUB2

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating