The rmmod implementation for grub2 is flawed, allowing an attacker to unload a module used as a dependency without checking if any other dependent module is still loaded. This leads to a use-after-free scenario possibly allowing an attacker to execute arbitrary code and by-pass Secure Boot protections.
The rmmod implementation for grub2 is flawed, allowing an attacker to unload a module used as a dependency without checking if any other dependent module is still loaded. This leads to a use-after-free scenario possibly allowing an attacker to execute arbitrary code and by-pass Secure Boot protections.
https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html