CVE-2021-3418

2021-03-1522:15:13

Debian Security Bug Tracker

security-tracker.debian.org

CVSS2

4.4

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

CVSS3

6.4

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

33.3%

JSON

If certificates that signed grub are installed into db, grub can be booted directly. It will then boot any kernel without signature validation. The booted kernel will think it was booted in secureboot mode and will implement lockdown, yet it could have been tampered. This flaw is a reintroduction of CVE-2020-15705 and only affects grub2 versions prior to 2.06 and upstream and distributions using the shim_lock mechanism.

OSVersionArchitecturePackageVersionFilename
Debian12allgrub2< 2.06-13+deb12u1grub2_2.06-13+deb12u1_all.deb
Debian11allgrub2< 2.06-3~deb11u6grub2_2.06-3~deb11u6_all.deb
Debian999allgrub2< 2.12-5grub2_2.12-5_all.deb
Debian13allgrub2< 2.12-5grub2_2.12-5_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	grub2	< 2.06-13+deb12u1	grub2_2.06-13+deb12u1_all.deb
Debian	11	all	grub2	< 2.06-3~deb11u6	grub2_2.06-3~deb11u6_all.deb
Debian	999	all	grub2	< 2.12-5	grub2_2.12-5_all.deb
Debian	13	all	grub2	< 2.12-5	grub2_2.12-5_all.deb