CVE-2021-3981
Summary
| CVE | CVE-2021-3981 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2022-03-10 17:43:00 UTC |
|---|
| Updated | 2024-01-16 01:15:00 UTC |
|---|
| Description | A flaw in grub2 was found where its configuration file, known as grub.cfg, is being created with the wrong permission set allowing non privileged users to read its content. This represents a low severity confidentiality issue, as those users can eventually read any encrypted passwords present in grub.cfg. This flaw affects grub2 2.06 and previous versions. This issue has been fixed in grub upstream but no version with the fix is currently released. |
|---|
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|
| Operating System |
Fedoraproject |
Fedora |
34 |
All |
All |
All |
| Application |
Gnu |
Grub2 |
All |
All |
All |
All |
References
| Reference | Source | Link | Tags |
|---|
| [SECURITY] Fedora 34 Update: grub2-2.06-9.fc34 - package-announce - Fedora Mailing-Lists |
FEDORA |
lists.fedoraproject.org |
|
| [SECURITY] Fedora 34 Update: grub2-2.06-9.fc34 - package-announce - Fedora Mailing-Lists |
MISC |
lists.fedoraproject.org |
|
| 2024170 – (CVE-2021-3981) CVE-2021-3981 grub2: Incorrect permission in grub.cfg allow unprivileged user to read the file content |
MISC |
bugzilla.redhat.com |
|
| GRUB: Multiple Vulnerabilities (GLSA 202209-12) — Gentoo security |
GENTOO |
security.gentoo.org |
|
| Red Hat Customer Portal - Access to 24x7 support and knowledge |
MISC |
access.redhat.com |
|
| oss-security - CVE-2023-4001: a password bypass vulnerability in the downstream GRUB
boot manager |
|
www.openwall.com |
|
| Red Hat Customer Portal - Access to 24x7 support and knowledge |
MISC |
access.redhat.com |
|
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 159801 Oracle Enterprise Linux Security Update for grub2 (ELSA-2022-2110)
- 184114 Debian Security Update for grub2 (CVE-2021-3981)
- 240320 Red Hat Update for grub2 security (RHSA-2022:2110)
- 282111 Fedora Security Update for grub2 (FEDORA-2021-8dbf0a81c0)
- 282196 Fedora Security Update for grub2 (FEDORA-2021-73d63662b0)
- 353265 Amazon Linux Security Advisory for grub2 : ALAS2-2022-1787
- 354332 Amazon Linux Security Advisory for grub2 : ALAS2022-2022-109
- 354408 Amazon Linux Security Advisory for grub2 : ALAS2022-2022-043
- 354535 Amazon Linux Security Advisory for grub2 : ALAS-2022-109
- 355137 Amazon Linux Security Advisory for grub2 : ALAS2023-2023-020
- 671769 EulerOS Security Update for grub2 (EulerOS-SA-2022-1819)
- 671775 EulerOS Security Update for grub2 (EulerOS-SA-2022-1828)
- 671912 EulerOS Security Update for grub2 (EulerOS-SA-2022-1967)
- 671939 EulerOS Security Update for grub2 (EulerOS-SA-2022-1997)
- 672032 EulerOS Security Update for grub2 (EulerOS-SA-2022-2268)
- 672481 EulerOS Security Update for grub2 (EulerOS-SA-2023-1011)
- 672521 EulerOS Security Update for grub2 (EulerOS-SA-2023-1036)
- 710619 Gentoo Linux GRUB Multiple Vulnerabilities (GLSA 202209-12)
- 900742 Common Base Linux Mariner (CBL-Mariner) Security Update for grub2 (8934)
- 901235 Common Base Linux Mariner (CBL-Mariner) Security Update for grub2 (8937)
- 901359 Common Base Linux Mariner (CBL-Mariner) Security Update for grub2 (8934-1)
- 902625 Common Base Linux Mariner (CBL-Mariner) Security Update for grub2 (8937-1)
- 940519 AlmaLinux Security Update for grub2 (ALSA-2022:2110)
- 960128 Rocky Linux Security Update for grub2 (RLSA-2022:2110)
