CVSS3: 3.3 Low
  Attack Vector: LOCAL
  Attack Complexity: LOW
  Privileges Required: LOW
  User Interaction: NONE
  Scope: UNCHANGED
  Confidentiality Impact: LOW
  Integrity Impact: NONE
  Availability Impact: NONE
  CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
AI Score: 3.9 Low (Confidence: Low)
CVSS2: 2.1 Low
  Access Vector: LOCAL
  Access Complexity: LOW
  Authentication: NONE
  Confidentiality Impact: PARTIAL
  Integrity Impact: NONE
  Availability Impact: NONE
  AV:L/AC:L/Au:N/C:P/I:N/A:N
EPSS: 0.0004 Low (Percentile: 14.1%)
Issue Overview:
A flaw was found in grub2: its configuration file, grub.cfg, is created with the wrong permission set, which allows non-privileged users to read its content. This is a low-severity confidentiality issue, as those users can read any encrypted passwords present in grub.cfg. (CVE-2021-3981)
Affected Packages:
grub2
Note:
This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update grub2 to update your system.
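To check whether a given grub.cfg is exposed in the way the overview describes, the following added example (not part of the original advisory or of the grub2 packages) reports files that are readable by all users and whether they contain password entries. The function name, return codes and the reliance on GNU stat are assumptions of this example; the file paths are supplied by the caller.

```shell
#!/bin/sh
# Added example: audit a grub.cfg for the exposure described in CVE-2021-3981.
# Return codes (chosen for this example):
#   0 = not readable by "other"      1 = world-readable
#   2 = world-readable and contains password material
#   3 = file missing or mode could not be read

audit_grub_cfg() {
    cfg=$1
    [ -f "$cfg" ] || { echo "MISSING  $cfg"; return 3; }

    # GNU stat prints the octal mode, e.g. 644 or 600 (assumes GNU coreutils).
    mode=$(stat -c '%a' "$cfg") || return 3

    # The last octal digit holds the permissions for "other"; bit 4 is read.
    other=${mode#"${mode%?}"}
    if [ $(( other & 4 )) -eq 0 ]; then
        echo "OK       $cfg (mode $mode)"
        return 0
    fi

    # GRUB password directives, or a PBKDF2 hash string anywhere in the file.
    if grep -Eq '^[[:space:]]*password(_pbkdf2)?[[:space:]]|grub\.pbkdf2\.' "$cfg"; then
        echo "EXPOSED  $cfg (mode $mode, password entry readable by all users)"
        return 2
    fi

    echo "WEAK     $cfg (mode $mode, world-readable)"
    return 1
}

# Audit every path given on the command line, for example the grub.cfg under
# /boot (the exact location is an assumption; the advisory does not state it).
if [ "$#" -gt 0 ]; then
    for f in "$@"; do
        audit_grub_cfg "$f" || true
    done
fi
```

A result of EXPOSED means the password hash in that file should be treated as disclosed to local users, so replace it after tightening the file mode.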
New Packages:
aarch64:
grub2-2.06-9.amzn2.0.1.aarch64
grub2-tools-2.06-9.amzn2.0.1.aarch64
grub2-tools-minimal-2.06-9.amzn2.0.1.aarch64
grub2-tools-extra-2.06-9.amzn2.0.1.aarch64
grub2-efi-aa64-2.06-9.amzn2.0.1.aarch64
grub2-efi-aa64-ec2-2.06-9.amzn2.0.1.aarch64
grub2-efi-aa64-cdboot-2.06-9.amzn2.0.1.aarch64
grub2-emu-2.06-9.amzn2.0.1.aarch64
grub2-emu-modules-2.06-9.amzn2.0.1.aarch64
grub2-debuginfo-2.06-9.amzn2.0.1.aarch64
noarch:
grub2-common-2.06-9.amzn2.0.1.noarch
grub2-efi-x64-modules-2.06-9.amzn2.0.1.noarch
grub2-pc-modules-2.06-9.amzn2.0.1.noarch
grub2-efi-aa64-modules-2.06-9.amzn2.0.1.noarch
src:
grub2-2.06-9.amzn2.0.1.src
x86_64:
grub2-2.06-9.amzn2.0.1.x86_64
grub2-tools-2.06-9.amzn2.0.1.x86_64
grub2-tools-efi-2.06-9.amzn2.0.1.x86_64
grub2-tools-minimal-2.06-9.amzn2.0.1.x86_64
grub2-tools-extra-2.06-9.amzn2.0.1.x86_64
grub2-efi-x64-2.06-9.amzn2.0.1.x86_64
grub2-efi-x64-ec2-2.06-9.amzn2.0.1.x86_64
grub2-efi-x64-cdboot-2.06-9.amzn2.0.1.x86_64
grub2-pc-2.06-9.amzn2.0.1.x86_64
grub2-emu-2.06-9.amzn2.0.1.x86_64
grub2-emu-modules-2.06-9.amzn2.0.1.x86_64
grub2-debuginfo-2.06-9.amzn2.0.1.x86_64
Red Hat: CVE-2021-3981
Mitre: CVE-2021-3981