Vulnerabilities > CVE-2021-3981

CVSS 3.3 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

local

low complexity

gnu

fedoraproject

NVD

Published: 2022-03-10

Updated: 2024-11-21

Summary

A flaw in grub2 was found where its configuration file, known as grub.cfg, is being created with the wrong permission set allowing non privileged users to read its content. This represents a low severity confidentiality issue, as those users can eventually read any encrypted passwords present in grub.cfg. This flaw affects grub2 2.06 and previous versions. This issue has been fixed in grub upstream but no version with the fix is currently released.

Vulnerable Configurations

Part	Description	Count
Application	Gnu GNU Grub2 - GNU Grub2 1.98 GNU Grub2 1.99 GNU Grub2 2.00 GNU Grub2 2.01 GNU Grub2 2.02 GNU Grub2 2.04 GNU Grub2 2.06	8
OS	Fedoraproject Fedoraproject Fedora 34	1

References

http://www.openwall.com/lists/oss-security/2024/01/15/3
http://www.openwall.com/lists/oss-security/2024/01/15/3
https://bugzilla.redhat.com/show_bug.cgi?id=2024170
https://bugzilla.redhat.com/show_bug.cgi?id=2024170
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AI776L35DDYPCSAAJPJM3ZEQYSFZHBJX/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AI776L35DDYPCSAAJPJM3ZEQYSFZHBJX/
https://security.gentoo.org/glsa/202209-12
https://security.gentoo.org/glsa/202209-12

Vulnerabilities > CVE-2021-3981 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2021-3981"}]}

Summary

Vulnerable Configurations

References

Vulnerabilities > CVE-2021-3981