CVE-2021-3981

Severity: 3.3 LOW
EPSS: 0.0% (top 93.41%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Mar 10; Latest update Sep 8

Description

A flaw was found in grub2: its configuration file, grub.cfg, is created with the wrong permission set, allowing non-privileged users to read its content. This is a low-severity confidentiality issue, as those users can eventually read any encrypted passwords present in grub.cfg. The flaw affects grub2 2.06 and previous versions. The issue has been fixed in grub upstream, but no version with the fix is currently released.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Exploitability: 1.8 | Impact: 1.4

Affected Packages (3 packages)

Debian: grub2 < 2.06-8+2
NVD: gnu/grub2 2.06
CVEListV5: grub2, grub2 2.06 and previous versions

Also affects: Fedora 34

Vulnerability Details (3)

GHSA: GHSA-6hfm-rxpf-979r: A flaw in grub2 was found where its configuration file, known as grub (2022-03-11)
OSV: CVE-2021-3981: A flaw in grub2 was found where its configuration file, known as grub (2022-03-10)
CVEList: CVE-2021-3981: A flaw in grub2 was found where its configuration file, known as grub (2022-03-08)

Vendor Advisories (4)

Ubuntu: GRUB2 vulnerabilities (2023-09-08)
Microsoft: A flaw in grub2 was found where its configuration file known as grub.cfg is being created with the wrong permission set allowing non privileged users to read its content. This represents a low severit (2022-03-08)
Red Hat: grub2: Incorrect permission in grub.cfg allow unprivileged user to read the file content (2021-11-17)
Debian: CVE-2021-3981: grub2 - A flaw in grub2 was found where its configuration file, known as grub.cfg, is be... (2021)
CVE-2021-3981 (LOW CVSS 3.3) | A flaw in grub2 was found where its | cvebase.io