Configuration File Permission Flaw in GRUB2 by Red Hat
CVE-2021-3981

3.3LOW

Key Information:

Vendor: Gnu
Status: Grub2
Vendor: CVE Published:; 8 March 2022

What is CVE-2021-3981?

A security issue has been identified in the GRUB2 bootloader where its configuration file (grub.cfg) is created with incorrect permissions, allowing non-privileged users to read potentially sensitive content, including encrypted passwords. While a fix has been proposed upstream, no patched version has yet been released for user systems. This presents a confidentiality risk as unauthorized access to these details could compromise system security.

Affected Version(s)

grub2 grub2 2.06 and previous versions

References

https://lists.fedoraproject.org/archives/list/package-ann...

vendor-advisoryx_refsource_FEDORA

https://bugzilla.redhat.com/show_bug.cgi?id=2024170

x_refsource_MISC

https://security.gentoo.org/glsa/202209-12

vendor-advisoryx_refsource_GENTOO

CVSS V3.1

Score:

3.3

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 8, 2022
Vulnerability Reserved
Nov 19, 2021

Gnu

What is CVE-2021-3981?

Affected Version(s)

References

CVSS V3.1

Timeline