Main Vulnerability Database Vulnerabilities #VU64272

#VU64272 Insecure Inherited Permissions in grub - CVE-2021-3981

Published: June 14, 2022

Vulnerability identifier: #VU64272

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2021-3981

CWE-ID: CWE-277

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
grub

Software vendor:
GNU

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to incorrect default permissions for in grub.cfg file that are set by the application. A local user with access to the system can view contents of files and directories.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

External links

https://bugzilla.redhat.com/show_bug.cgi?id=2024170
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AI776L35DDYPCSAAJPJM3ZEQYSFZHBJX/

#VU64272 Insecure Inherited Permissions in grub - CVE-2021-3981

Description

Remediation

External links

Please verify you're human