CVE-2020-25632

HIGH

GRUB2 < 2.06 - Use-After-Free via rmmod Dependency Handling

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-25632. PoCs published by pauljrowland.

AI-analyzed exploit summary This PowerShell script remediates the BootHole vulnerability (CVE-2020-25632) by downloading and applying the latest Secure Boot DBX revocation list to invalidate vulnerable modules. It automates the process of fetching the necessary files and updating the UEFI configuration.

Description

A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a module used as a dependency without checking if any other dependent module is still loaded leading to a use-after-free scenario. This could allow arbitrary code to be executed or a bypass of Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Exploits (1)

nomisec WORKING POC
by pauljrowland · poc
https://github.com/pauljrowland/BootHoleFix

This PowerShell script remediates the BootHole vulnerability (CVE-2020-25632) by downloading and applying the latest Secure Boot DBX revocation list to invalidate vulnerable modules. It automates the process of fetching the necessary files and updating the UEFI configuration.

Classification
Working Poc 90%
Attack Type
Other
Complexity
Moderate
Reliability
Reliable
Target: Microsoft Secure Boot (UEFI)
Auth required
Prerequisites: Administrative privileges · Internet access to download required files
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Issue Tracking, Patch, Third Party Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=1879577
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/202104-05
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20220325-0001/

Scores

CVSS v3 8.2
EPSS 0.0115
EPSS Percentile 63.1%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Details

CWE
CWE-416
Status published
Products (20)
fedoraproject/fedora 33
fedoraproject/fedora 34
gnu/grub2 < 2.06
netapp/ontap_select_deploy_administration_utility
redhat/enterprise_linux 7.0
redhat/enterprise_linux 8.0
redhat/enterprise_linux_server_aus 7.2
redhat/enterprise_linux_server_aus 7.3
redhat/enterprise_linux_server_aus 7.4
redhat/enterprise_linux_server_aus 7.6
... and 10 more
Published Mar 03, 2021
Tracked Since Feb 18, 2026