Launchpad.net

CVE 2021-3981

A flaw in grub2 was found where its configuration file, known as grub.cfg, is being created with the wrong permission set allowing non privileged users to read its content. This represents a low severity confidentiality issue, as those users can eventually read any encrypted passwords present in grub.cfg. This flaw affects grub2 2.06 and previous versions. This issue has been fixed in grub upstream but no version with the fix is currently released.

Related bugs and status

CVE-2021-3981 (Candidate) is related to these bugs:

Bug #2008950: Missing modules on arm64 builds of monolithic grub

Summary				In	Importance	Status
	2008950	Missing modules on arm64 builds of monolithic grub		grub2 (Ubuntu)	Undecided	Fix Released

Bug #2028947: grub2-unsigned/2.12~rc1-4ubuntu1 signing

		In	Importance	Status
2028947	grub2-unsigned/2.12~rc1-4ubuntu1 signing	grub2-unsigned (Ubuntu)	Undecided	Fix Released
2028947	grub2-unsigned/2.12~rc1-4ubuntu1 signing	canonical-signing-jobs	Undecided	Fix Released
2028947	grub2-unsigned/2.12~rc1-4ubuntu1 signing	grub2-signed (Ubuntu)	Undecided	Fix Released
2028947	grub2-unsigned/2.12~rc1-4ubuntu1 signing	canonical-signing-jobs task00	Medium	Fix Released
2028947	grub2-unsigned/2.12~rc1-4ubuntu1 signing	grub2 (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2021-3981

Related bugs and status

Related bugs

References