UBUNTU-CVE-2025-61664

Source
https://ubuntu.com/security/CVE-2025-61664
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-61664.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2025-61664
Upstream
Published
2025-11-18T19:15:00Z
Modified
2026-05-20T16:23:40.299345745Z
Severity
  • 4.9 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L CVSS Calculator
  • Ubuntu - medium
Summary
[none]
Details

A vulnerability in the GRUB2 bootloader has been identified in the normal module. This flaw, a memory Use After Free issue, occurs because the normal_exit command is not properly unregistered when its related module is unloaded. An attacker can exploit this condition by invoking the command after the module has been removed, causing the system to improperly access a previously freed memory location. This leads to a system crash or possible impacts in data confidentiality and integrity.

References

Affected packages

Ubuntu:16.04:LTS
grub2-signed

Package

Name
grub2-signed
Purl
pkg:deb/ubuntu/grub2-signed?arch=source&distro=xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*
1.55
1.56
1.57
1.58
1.59
1.61
1.62
1.63
1.64
1.65
1.66
1.66.1
1.66.2
1.66.6
1.66.7
1.66.8
1.66.9
1.66.11
1.66.12
1.66.14
1.66.15
1.66.16
1.66.17
1.66.18
1.66.19
1.66.20
1.66.21
1.66.22
1.66.23
1.66.26
1.66.27
1.66.28
1.66.29
1.167~16.04.1
1.167~16.04.2
1.167~16.04.4
1.167~16.04.6

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "grub-efi-amd64-signed",
            "binary_version": "1.167~16.04.6+2.04-1ubuntu44.1.2"
        },
        {
            "binary_name": "grub-efi-arm64-signed",
            "binary_version": "1.167~16.04.6+2.04-1ubuntu44.1.2"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-61664.json"
grub2-unsigned

Package

Name
grub2-unsigned
Purl
pkg:deb/ubuntu/grub2-unsigned?arch=source&distro=xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*
2.04-1ubuntu44
2.04-1ubuntu44.1
2.04-1ubuntu44.1.2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "grub-efi-amd64",
            "binary_version": "2.04-1ubuntu44.1.2"
        },
        {
            "binary_name": "grub-efi-amd64-bin",
            "binary_version": "2.04-1ubuntu44.1.2"
        },
        {
            "binary_name": "grub-efi-arm64",
            "binary_version": "2.04-1ubuntu44.1.2"
        },
        {
            "binary_name": "grub-efi-arm64-bin",
            "binary_version": "2.04-1ubuntu44.1.2"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-61664.json"
Ubuntu:18.04:LTS
grub2-signed

Package

Name
grub2-signed
Purl
pkg:deb/ubuntu/grub2-signed?arch=source&distro=bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*
1.85
1.86
1.87
1.89
1.91
1.92
1.93
1.93.1
1.93.2
1.93.3
1.93.4
1.93.5
1.93.7
1.93.8
1.93.10
1.93.11
1.93.13
1.93.14
1.93.15
1.93.16
1.93.18
1.93.19
1.93.20
1.93.21
1.93.22
1.93.24
1.167~18.04.1
1.167~18.04.3
1.167~18.04.5
1.173.2~18.04.1
1.187.2~18.04.1
1.187.3~18.04.1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "grub-efi-amd64-signed",
            "binary_version": "1.187.3~18.04.1+2.06-2ubuntu14.1"
        },
        {
            "binary_name": "grub-efi-arm64-signed",
            "binary_version": "1.187.3~18.04.1+2.06-2ubuntu14.1"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-61664.json"
grub2-unsigned

Package

Name
grub2-unsigned
Purl
pkg:deb/ubuntu/grub2-unsigned?arch=source&distro=bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*
2.04-1ubuntu44
2.04-1ubuntu44.1
2.04-1ubuntu44.1.2
2.04-1ubuntu47.4
2.06-2ubuntu14
2.06-2ubuntu14.1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "grub-efi-amd64",
            "binary_version": "2.06-2ubuntu14.1"
        },
        {
            "binary_name": "grub-efi-amd64-bin",
            "binary_version": "2.06-2ubuntu14.1"
        },
        {
            "binary_name": "grub-efi-arm64",
            "binary_version": "2.06-2ubuntu14.1"
        },
        {
            "binary_name": "grub-efi-arm64-bin",
            "binary_version": "2.06-2ubuntu14.1"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-61664.json"
Ubuntu:20.04:LTS
grub2-signed

Package

Name
grub2-signed
Purl
pkg:deb/ubuntu/grub2-signed?arch=source&distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*
1.128
1.129
1.130
1.131
1.133
1.134
1.135
1.136
1.137
1.138
1.139
1.140
1.141
1.142
1.142.1
1.142.3
1.142.4
1.142.5
1.142.6
1.142.8
1.142.9
1.142.10
1.142.11
1.167
1.167.2
1.173.2~20.04.1
1.173.4
1.187.2~20.04.2
1.187.3~20.04.1
1.187.4~20.04.1
1.187.6~20.04.1
1.187.12~20.04

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "grub-efi-amd64-signed",
            "binary_version": "1.187.12~20.04+2.06-2ubuntu14.8"
        },
        {
            "binary_name": "grub-efi-arm64-signed",
            "binary_version": "1.187.12~20.04+2.06-2ubuntu14.8"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-61664.json"
grub2-unsigned

Package

Name
grub2-unsigned
Purl
pkg:deb/ubuntu/grub2-unsigned?arch=source&distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*
2.04-1ubuntu44
2.04-1ubuntu44.2
2.04-1ubuntu47.4
2.04-1ubuntu47.5
2.06-2ubuntu14
2.06-2ubuntu14.1
2.06-2ubuntu14.2
2.06-2ubuntu14.4
2.06-2ubuntu14.8

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "grub-efi-amd64",
            "binary_version": "2.06-2ubuntu14.8"
        },
        {
            "binary_name": "grub-efi-amd64-bin",
            "binary_version": "2.06-2ubuntu14.8"
        },
        {
            "binary_name": "grub-efi-arm64",
            "binary_version": "2.06-2ubuntu14.8"
        },
        {
            "binary_name": "grub-efi-arm64-bin",
            "binary_version": "2.06-2ubuntu14.8"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-61664.json"
Ubuntu:22.04:LTS
grub2-signed

Package

Name
grub2-signed
Purl
pkg:deb/ubuntu/grub2-signed?arch=source&distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*
1.173
1.174
1.176
1.177
1.178
1.179
1.180
1.182~22.04.1
1.187.2
1.187.3~22.04.1
1.187.4~22.04.1
1.187.6
1.187.12

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "grub-efi-amd64-signed",
            "binary_version": "1.187.12+2.06-2ubuntu14.8"
        },
        {
            "binary_name": "grub-efi-arm64-signed",
            "binary_version": "1.187.12+2.06-2ubuntu14.8"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-61664.json"
grub2-unsigned

Package

Name
grub2-unsigned
Purl
pkg:deb/ubuntu/grub2-unsigned?arch=source&distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*
2.04-1ubuntu47
2.04-1ubuntu48
2.06-2ubuntu3
2.06-2ubuntu4
2.06-2ubuntu5
2.06-2ubuntu6
2.06-2ubuntu7
2.06-2ubuntu10
2.06-2ubuntu14
2.06-2ubuntu14.1
2.06-2ubuntu14.2
2.06-2ubuntu14.4
2.06-2ubuntu14.8

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "grub-efi-amd64",
            "binary_version": "2.06-2ubuntu14.8"
        },
        {
            "binary_name": "grub-efi-amd64-bin",
            "binary_version": "2.06-2ubuntu14.8"
        },
        {
            "binary_name": "grub-efi-arm64",
            "binary_version": "2.06-2ubuntu14.8"
        },
        {
            "binary_name": "grub-efi-arm64-bin",
            "binary_version": "2.06-2ubuntu14.8"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-61664.json"
Ubuntu:24.04:LTS
grub2-signed

Package

Name
grub2-signed
Purl
pkg:deb/ubuntu/grub2-signed?arch=source&distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*
1.197
1.199
1.201
1.202
1.202.2
1.202.5

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "grub-efi-amd64-signed",
            "binary_version": "1.202.5+2.12-1ubuntu7.3"
        },
        {
            "binary_name": "grub-efi-arm64-signed",
            "binary_version": "1.202.5+2.12-1ubuntu7.3"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-61664.json"
grub2-unsigned

Package

Name
grub2-unsigned
Purl
pkg:deb/ubuntu/grub2-unsigned?arch=source&distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*
2.12~rc1-10ubuntu4
2.12~rc1-12ubuntu2
2.12-1ubuntu1
2.12-1ubuntu7
2.12-1ubuntu7.1
2.12-1ubuntu7.3

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "grub-efi-amd64",
            "binary_version": "2.12-1ubuntu7.3"
        },
        {
            "binary_name": "grub-efi-amd64-bin",
            "binary_version": "2.12-1ubuntu7.3"
        },
        {
            "binary_name": "grub-efi-arm64",
            "binary_version": "2.12-1ubuntu7.3"
        },
        {
            "binary_name": "grub-efi-arm64-bin",
            "binary_version": "2.12-1ubuntu7.3"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-61664.json"
Ubuntu:25.10
grub2-signed

Package

Name
grub2-signed
Purl
pkg:deb/ubuntu/grub2-signed?arch=source&distro=questing

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*
1.212
1.213
1.214

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "grub-efi-amd64-signed",
            "binary_version": "1.214+2.14~git20250718.0e36779-1ubuntu4"
        },
        {
            "binary_name": "grub-efi-arm64-signed",
            "binary_version": "1.214+2.14~git20250718.0e36779-1ubuntu4"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-61664.json"
grub2-unsigned

Package

Name
grub2-unsigned
Purl
pkg:deb/ubuntu/grub2-unsigned?arch=source&distro=questing

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*
2.12-5ubuntu11
2.14~git20250718.0e36779-1ubuntu1
2.14~git20250718.0e36779-1ubuntu4

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "grub-efi-amd64",
            "binary_version": "2.14~git20250718.0e36779-1ubuntu4"
        },
        {
            "binary_name": "grub-efi-amd64-bin",
            "binary_version": "2.14~git20250718.0e36779-1ubuntu4"
        },
        {
            "binary_name": "grub-efi-amd64-unsigned",
            "binary_version": "2.14~git20250718.0e36779-1ubuntu4"
        },
        {
            "binary_name": "grub-efi-arm64",
            "binary_version": "2.14~git20250718.0e36779-1ubuntu4"
        },
        {
            "binary_name": "grub-efi-arm64-bin",
            "binary_version": "2.14~git20250718.0e36779-1ubuntu4"
        },
        {
            "binary_name": "grub-efi-arm64-unsigned",
            "binary_version": "2.14~git20250718.0e36779-1ubuntu4"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-61664.json"
Ubuntu:26.04:LTS
grub2-signed

Package

Name
grub2-signed
Purl
pkg:deb/ubuntu/grub2-signed?arch=source&distro=resolute

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*
1.214
1.215

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "grub-efi-amd64-signed",
            "binary_version": "1.215+2.14-2ubuntu1"
        },
        {
            "binary_name": "grub-efi-arm64-signed",
            "binary_version": "1.215+2.14-2ubuntu1"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-61664.json"
grub2-unsigned

Package

Name
grub2-unsigned
Purl
pkg:deb/ubuntu/grub2-unsigned?arch=source&distro=resolute

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*
2.14~git20250718.0e36779-1ubuntu4
2.14-2ubuntu1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "grub-efi-amd64",
            "binary_version": "2.14-2ubuntu1"
        },
        {
            "binary_name": "grub-efi-amd64-bin",
            "binary_version": "2.14-2ubuntu1"
        },
        {
            "binary_name": "grub-efi-amd64-unsigned",
            "binary_version": "2.14-2ubuntu1"
        },
        {
            "binary_name": "grub-efi-arm64",
            "binary_version": "2.14-2ubuntu1"
        },
        {
            "binary_name": "grub-efi-arm64-bin",
            "binary_version": "2.14-2ubuntu1"
        },
        {
            "binary_name": "grub-efi-arm64-unsigned",
            "binary_version": "2.14-2ubuntu1"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-61664.json"
Ubuntu:Pro:14.04:LTS
grub2

Package

Name
grub2
Purl
pkg:deb/ubuntu/grub2?arch=source&distro=esm-infra-legacy%2Ftrusty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*
2.00-19ubuntu2
2.00-19ubuntu3
2.00-19ubuntu4
2.00-20
2.00-21
2.00-22
2.02~beta2-5
2.02~beta2-6
2.02~beta2-7
2.02~beta2-8
2.02~beta2-9
2.02~beta2-9ubuntu1
2.02~beta2-9ubuntu1.1
2.02~beta2-9ubuntu1.2
2.02~beta2-9ubuntu1.3
2.02~beta2-9ubuntu1.4
2.02~beta2-9ubuntu1.5
2.02~beta2-9ubuntu1.6
2.02~beta2-9ubuntu1.7
2.02~beta2-9ubuntu1.8
2.02~beta2-9ubuntu1.11
2.02~beta2-9ubuntu1.12
2.02~beta2-9ubuntu1.14
2.02~beta2-9ubuntu1.15
2.02~beta2-9ubuntu1.16
2.02~beta2-9ubuntu1.17
2.02~beta2-9ubuntu1.20
2.02~beta2-9ubuntu1.21

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "grub-common",
            "binary_version": "2.02~beta2-9ubuntu1.21"
        },
        {
            "binary_name": "grub-coreboot",
            "binary_version": "2.02~beta2-9ubuntu1.21"
        },
        {
            "binary_name": "grub-coreboot-bin",
            "binary_version": "2.02~beta2-9ubuntu1.21"
        },
        {
            "binary_name": "grub-efi",
            "binary_version": "2.02~beta2-9ubuntu1.21"
        },
        {
            "binary_name": "grub-efi-amd64",
            "binary_version": "2.02~beta2-9ubuntu1.21"
        },
        {
            "binary_name": "grub-efi-amd64-bin",
            "binary_version": "2.02~beta2-9ubuntu1.21"
        },
        {
            "binary_name": "grub-efi-arm",
            "binary_version": "2.02~beta2-9ubuntu1.21"
        },
        {
            "binary_name": "grub-efi-arm-bin",
            "binary_version": "2.02~beta2-9ubuntu1.21"
        },
        {
            "binary_name": "grub-efi-arm64",
            "binary_version": "2.02~beta2-9ubuntu1.21"
        },
        {
            "binary_name": "grub-efi-arm64-bin",
            "binary_version": "2.02~beta2-9ubuntu1.21"
        },
        {
            "binary_name": "grub-efi-ia32",
            "binary_version": "2.02~beta2-9ubuntu1.21"
        },
        {
            "binary_name": "grub-efi-ia32-bin",
            "binary_version": "2.02~beta2-9ubuntu1.21"
        },
        {
            "binary_name": "grub-emu",
            "binary_version": "2.02~beta2-9ubuntu1.21"
        },
        {
            "binary_name": "grub-firmware-qemu",
            "binary_version": "2.02~beta2-9ubuntu1.21"
        },
        {
            "binary_name": "grub-ieee1275",
            "binary_version": "2.02~beta2-9ubuntu1.21"
        },
        {
            "binary_name": "grub-ieee1275-bin",
            "binary_version": "2.02~beta2-9ubuntu1.21"
        },
        {
            "binary_name": "grub-linuxbios",
            "binary_version": "2.02~beta2-9ubuntu1.21"
        },
        {
            "binary_name": "grub-pc",
            "binary_version": "2.02~beta2-9ubuntu1.21"
        },
        {
            "binary_name": "grub-pc-bin",
            "binary_version": "2.02~beta2-9ubuntu1.21"
        },
        {
            "binary_name": "grub-rescue-pc",
            "binary_version": "2.02~beta2-9ubuntu1.21"
        },
        {
            "binary_name": "grub-theme-starfield",
            "binary_version": "2.02~beta2-9ubuntu1.21"
        },
        {
            "binary_name": "grub-uboot",
            "binary_version": "2.02~beta2-9ubuntu1.21"
        },
        {
            "binary_name": "grub-uboot-bin",
            "binary_version": "2.02~beta2-9ubuntu1.21"
        },
        {
            "binary_name": "grub-xen",
            "binary_version": "2.02~beta2-9ubuntu1.21"
        },
        {
            "binary_name": "grub-xen-bin",
            "binary_version": "2.02~beta2-9ubuntu1.21"
        },
        {
            "binary_name": "grub2",
            "binary_version": "2.02~beta2-9ubuntu1.21"
        },
        {
            "binary_name": "grub2-common",
            "binary_version": "2.02~beta2-9ubuntu1.21"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-61664.json"
grub2-signed

Package

Name
grub2-signed
Purl
pkg:deb/ubuntu/grub2-signed?arch=source&distro=esm-infra-legacy%2Ftrusty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*
1.22
1.23
1.24
1.25
1.26
1.27
1.30
1.31
1.32
1.33
1.34
1.34.1
1.34.2
1.34.3
1.34.4
1.34.5
1.34.6
1.34.7
1.34.8
1.34.9
1.34.13
1.34.14
1.34.16
1.34.17
1.34.18
1.34.20
1.34.22
1.34.24

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "grub-efi-amd64-signed",
            "binary_version": "1.34.24+2.02~beta2-9ubuntu1.21"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-61664.json"