CVE-2021-3981

A flaw in grub2 was found where its configuration file, known as grub.cfg, is being created with the wrong permission set allowing non privileged users to read its content. This represents a low severity confidentiality issue, as those users can eventually read any encrypted passwords present in grub.cfg. This flaw affects grub2 2.06 and previous versions. This issue has been fixed in grub upstream but no version with the fix is currently released.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.3 LOW
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 7%
Affected Products (NVD)
VendorProductVersion
gnugrub2
𝑥
≤ 2.06
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
grub2
bookworm
2.06-13+deb12u1
fixed
bookworm (security)
2.06-13+deb12u1
fixed
bullseye
no-dsa
bullseye (security)
vulnerable
buster
no-dsa
sid
2.12-5
fixed
stretch
not-affected
trixie
2.12-5
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
grub2
bionic
not-affected
focal
not-affected
hirsute
ignored
impish
ignored
jammy
not-affected
kinetic
ignored
lunar
ignored
mantic
not-affected
noble
not-affected
trusty
not-affected
xenial
not-affected
grub2-signed
bionic
needs-triage
focal
Fixed 1.187.3~20.04.1
released
jammy
Fixed 1.187.3~22.04.1
released
kinetic
ignored
lunar
not-affected
mantic
not-affected
noble
not-affected
trusty
needs-triage
xenial
needs-triage
grub2-unsigned
bionic
needs-triage
focal
Fixed 2.06-2ubuntu14.1
released
jammy
Fixed 2.06-2ubuntu14.1
released
kinetic
ignored
lunar
not-affected
mantic
not-affected
noble
not-affected
trusty
dne
xenial
needs-triage
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
grub2
suse enterprise desktop 15 SP4
2.06-150400.9.9
fixed
suse enterprise desktop 15 SP5
2.06-150500.27.4
fixed
suse enterprise desktop 15 SP6
2.12-150600.6.13
fixed
suse enterprise desktop 15 SP7
2.12-150700.17.4
fixed
suse enterprise sap 15 SP4
2.06-150400.9.9
fixed
suse enterprise sap 15 SP5
2.06-150500.27.4
fixed
suse enterprise sap 15 SP6
2.12-150600.6.13
fixed
suse enterprise sap 15 SP7
2.12-150700.17.4
fixed
suse enterprise server 15 SP4
2.06-150400.9.9
fixed
suse enterprise server 15 SP5
2.06-150500.27.4
fixed
suse enterprise server 15 SP6
2.12-150600.6.13
fixed
suse enterprise server 15 SP7
2.12-150700.17.4
fixed
grub2-arm64-efi
suse enterprise desktop 15 SP4
2.06-150400.9.9
fixed
suse enterprise desktop 15 SP5
2.06-150500.27.4
fixed
suse enterprise desktop 15 SP6
2.12-150600.6.13
fixed
suse enterprise desktop 15 SP7
2.12-150700.17.4
fixed
suse enterprise sap 15 SP4
2.06-150400.9.9
fixed
suse enterprise sap 15 SP5
2.06-150500.27.4
fixed
suse enterprise sap 15 SP6
2.12-150600.6.13
fixed
suse enterprise sap 15 SP7
2.12-150700.17.4
fixed
suse enterprise server 15 SP4
2.06-150400.9.9
fixed
suse enterprise server 15 SP5
2.06-150500.27.4
fixed
suse enterprise server 15 SP6
2.12-150600.6.13
fixed
suse enterprise server 15 SP7
2.12-150700.17.4
fixed
grub2-i386-pc
suse enterprise desktop 15 SP4
2.06-150400.9.9
fixed
suse enterprise desktop 15 SP5
2.06-150500.27.4
fixed
suse enterprise desktop 15 SP6
2.12-150600.6.13
fixed
suse enterprise desktop 15 SP7
2.12-150700.17.4
fixed
suse enterprise sap 15 SP4
2.06-150400.9.9
fixed
suse enterprise sap 15 SP5
2.06-150500.27.4
fixed
suse enterprise sap 15 SP6
2.12-150600.6.13
fixed
suse enterprise sap 15 SP7
2.12-150700.17.4
fixed
suse enterprise server 15 SP4
2.06-150400.9.9
fixed
suse enterprise server 15 SP5
2.06-150500.27.4
fixed
suse enterprise server 15 SP6
2.12-150600.6.13
fixed
suse enterprise server 15 SP7
2.12-150700.17.4
fixed
grub2-powerpc-ieee1275
suse enterprise desktop 15 SP4
2.06-150400.9.9
fixed
suse enterprise desktop 15 SP5
2.06-150500.27.4
fixed
suse enterprise desktop 15 SP6
2.12-150600.6.13
fixed
suse enterprise desktop 15 SP7
2.12-150700.17.4
fixed
suse enterprise sap 15 SP4
2.06-150400.9.9
fixed
suse enterprise sap 15 SP5
2.06-150500.27.4
fixed
suse enterprise sap 15 SP6
2.12-150600.6.13
fixed
suse enterprise sap 15 SP7
2.12-150700.17.4
fixed
suse enterprise server 15 SP4
2.06-150400.9.9
fixed
suse enterprise server 15 SP5
2.06-150500.27.4
fixed
suse enterprise server 15 SP6
2.12-150600.6.13
fixed
suse enterprise server 15 SP7
2.12-150700.17.4
fixed
grub2-s390x-emu
suse enterprise desktop 15 SP4
2.06-150400.9.9
fixed
suse enterprise desktop 15 SP5
2.06-150500.27.4
fixed
suse enterprise desktop 15 SP6
2.12-150600.6.13
fixed
suse enterprise desktop 15 SP7
2.12-150700.17.4
fixed
suse enterprise sap 15 SP4
2.06-150400.9.9
fixed
suse enterprise sap 15 SP5
2.06-150500.27.4
fixed
suse enterprise sap 15 SP6
2.12-150600.6.13
fixed
suse enterprise sap 15 SP7
2.12-150700.17.4
fixed
suse enterprise server 15 SP4
2.06-150400.9.9
fixed
suse enterprise server 15 SP5
2.06-150500.27.4
fixed
suse enterprise server 15 SP6
2.12-150600.6.13
fixed
suse enterprise server 15 SP7
2.12-150700.17.4
fixed
grub2-snapper-plugin
suse enterprise desktop 15 SP4
2.06-150400.9.9
fixed
suse enterprise desktop 15 SP5
2.06-150500.27.4
fixed
suse enterprise desktop 15 SP6
2.12-150600.6.13
fixed
suse enterprise desktop 15 SP7
2.12-150700.17.4
fixed
suse enterprise sap 15 SP4
2.06-150400.9.9
fixed
suse enterprise sap 15 SP5
2.06-150500.27.4
fixed
suse enterprise sap 15 SP6
2.12-150600.6.13
fixed
suse enterprise sap 15 SP7
2.12-150700.17.4
fixed
suse enterprise server 15 SP4
2.06-150400.9.9
fixed
suse enterprise server 15 SP5
2.06-150500.27.4
fixed
suse enterprise server 15 SP6
2.12-150600.6.13
fixed
suse enterprise server 15 SP7
2.12-150700.17.4
fixed
grub2-systemd-sleep-plugin
suse enterprise desktop 15 SP4
2.06-150400.9.9
fixed
suse enterprise desktop 15 SP5
2.06-150500.27.4
fixed
suse enterprise desktop 15 SP6
2.12-150600.6.13
fixed
suse enterprise desktop 15 SP7
2.12-150700.17.4
fixed
suse enterprise sap 15 SP4
2.06-150400.9.9
fixed
suse enterprise sap 15 SP5
2.06-150500.27.4
fixed
suse enterprise sap 15 SP6
2.12-150600.6.13
fixed
suse enterprise sap 15 SP7
2.12-150700.17.4
fixed
suse enterprise server 15 SP4
2.06-150400.9.9
fixed
suse enterprise server 15 SP5
2.06-150500.27.4
fixed
suse enterprise server 15 SP6
2.12-150600.6.13
fixed
suse enterprise server 15 SP7
2.12-150700.17.4
fixed
grub2-x86_64-efi
suse enterprise desktop 15 SP4
2.06-150400.9.9
fixed
suse enterprise desktop 15 SP5
2.06-150500.27.4
fixed
suse enterprise desktop 15 SP6
2.12-150600.6.13
fixed
suse enterprise desktop 15 SP7
2.12-150700.17.4
fixed
suse enterprise sap 15 SP4
2.06-150400.9.9
fixed
suse enterprise sap 15 SP5
2.06-150500.27.4
fixed
suse enterprise sap 15 SP6
2.12-150600.6.13
fixed
suse enterprise sap 15 SP7
2.12-150700.17.4
fixed
suse enterprise server 15 SP4
2.06-150400.9.9
fixed
suse enterprise server 15 SP5
2.06-150500.27.4
fixed
suse enterprise server 15 SP6
2.12-150600.6.13
fixed
suse enterprise server 15 SP7
2.12-150700.17.4
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
grub2-common
RHEL 8
1:2.02-123.el8
fixed
grub2-efi-aa64
RHEL 8
1:2.02-123.el8
fixed
grub2-efi-aa64-cdboot
RHEL 8
1:2.02-123.el8
fixed
grub2-efi-aa64-modules
RHEL 8
1:2.02-123.el8
fixed
grub2-efi-ia32
RHEL 8
1:2.02-123.el8
fixed
grub2-efi-ia32-cdboot
RHEL 8
1:2.02-123.el8
fixed
grub2-efi-ia32-modules
RHEL 8
1:2.02-123.el8
fixed
grub2-efi-x64
RHEL 8
1:2.02-123.el8
fixed
grub2-efi-x64-cdboot
RHEL 8
1:2.02-123.el8
fixed
grub2-efi-x64-modules
RHEL 8
1:2.02-123.el8
fixed
grub2-pc
RHEL 8
1:2.02-123.el8
fixed
grub2-pc-modules
RHEL 8
1:2.02-123.el8
fixed
grub2-ppc64le
RHEL 8
1:2.02-123.el8
fixed
grub2-ppc64le-modules
RHEL 8
1:2.02-123.el8
fixed
grub2-tools
RHEL 8
1:2.02-123.el8
fixed
grub2-tools-efi
RHEL 8
1:2.02-123.el8
fixed
grub2-tools-extra
RHEL 8
1:2.02-123.el8
fixed
grub2-tools-minimal
RHEL 8
1:2.02-123.el8
fixed
Common Weakness Enumeration
References
http://www.openwall.com/lists/oss-security/2024/01/15/3
https://bugzilla.redhat.com/show_bug.cgi?id=2024170
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AI776L35DDYPCSAAJPJM3ZEQYSFZHBJX/
https://security.gentoo.org/glsa/202209-12
http://www.openwall.com/lists/oss-security/2024/01/15/3
https://bugzilla.redhat.com/show_bug.cgi?id=2024170
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AI776L35DDYPCSAAJPJM3ZEQYSFZHBJX/
https://security.gentoo.org/glsa/202209-12