CVE-2021-3981

Name: CVE-2021-3981
Description: Incorrect permission in grub.cfg allows an unprivileged user to read the file content
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
Debian Bugs: 1001414

Vulnerable and fixed packages

The table below lists information on source packages.

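| Source Package | Release | Version | Status |
|---|---|---|---|
| grub2 (PTS) | stretch | 2.02~beta3-5+deb9u2 | fixed |
| grub2 | buster, buster (security) | 2.02+dfsg1-20+deb10u4 | fixed |
| grub2 | bullseye | 2.04-20 | fixed |
| grub2 | bookworm | 2.04-20 | vulnerable |
| grub2 | sid | 2.06-2 | vulnerable |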

The information below is based on the following data on fixed versions.

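| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| grub2 | source | stretch | (not affected) | | | |
| grub2 | source | buster | (not affected) | | | |
| grub2 | source | bullseye | (not affected) | | | |
| grub2 | source | (unstable) | (unfixed) | | | 1001414 |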

Notes

[bullseye] - grub2 <not-affected> (Vulnerable code introduced later)
[buster] - grub2 <not-affected> (Vulnerable code introduced later)
[stretch] - grub2 <not-affected> (Vulnerable code introduced later)
https://bugzilla.redhat.com/show_bug.cgi?id=2024170
Introduced by: https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=ab2e53c8a196a595e50f1c836bf756b9db1ae68d (grub-2.06-rc1)
https://lists.gnu.org/archive/html/grub-devel/2021-12/msg00013.html
