#VU51196 Improper preservation of permissions in grub - CVE-2021-3418
Published: March 3, 2021 / Updated: October 19, 2022
Vulnerability identifier: #VU51196
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2021-3418
CWE-ID: CWE-281
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
grub
grub
Software vendor:
GNU
GNU
Description
The vulnerability allows a local user to bypass implemented security restrictions.
The vulnerability exists doe to re-introduction of vulnerability #VU32927, fixed in GRUB 2.05. If certificates that signed GRUB2 are installed into db, GRUB2 can be booted directly. It will then boot any kernel without signature validation. The booted kernel will think it was booted in Secure Boot mode and will implement lock down, yet it could have been tampered.
Remediation
Install updates from vendor's website.