Main Vulnerability Database Vulnerabilities #VU51196

#VU51196 Improper preservation of permissions in grub - CVE-2021-3418

Published: March 3, 2021 / Updated: October 19, 2022

Vulnerability identifier: #VU51196

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2021-3418

CWE-ID: CWE-281

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
grub

Software vendor:
GNU

Description

The vulnerability allows a local user to bypass implemented security restrictions.

The vulnerability exists doe to re-introduction of vulnerability #VU32927, fixed in GRUB 2.05. If certificates that signed GRUB2 are installed into db, GRUB2 can be booted directly. It will then boot any kernel without signature validation. The booted kernel will think it was booted in Secure Boot mode and will implement lock down, yet it could have been tampered.

Remediation

Install updates from vendor's website.

External links

http://seclists.org/oss-sec/2021/q1/189