Low: grub2

Issue Overview:

A flaw in grub2 was found where its configuration file, known as grub.cfg, is being created with the wrong permission set allowing non privileged users to read its content. This represents a low severity confidentiality issue, as those users can eventually read any encrypted passwords present in grub.cfg. (CVE-2021-3981)

Affected Packages:

grub2

Note:

This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.

Issue Correction:
Run yum update grub2 to update your system.

New Packages:

aarch64:  
    grub2-2.06-9.amzn2.0.1.aarch64  
    grub2-tools-2.06-9.amzn2.0.1.aarch64  
    grub2-tools-minimal-2.06-9.amzn2.0.1.aarch64  
    grub2-tools-extra-2.06-9.amzn2.0.1.aarch64  
    grub2-efi-aa64-2.06-9.amzn2.0.1.aarch64  
    grub2-efi-aa64-ec2-2.06-9.amzn2.0.1.aarch64  
    grub2-efi-aa64-cdboot-2.06-9.amzn2.0.1.aarch64  
    grub2-emu-2.06-9.amzn2.0.1.aarch64  
    grub2-emu-modules-2.06-9.amzn2.0.1.aarch64  
    grub2-debuginfo-2.06-9.amzn2.0.1.aarch64  
  
noarch:  
    grub2-common-2.06-9.amzn2.0.1.noarch  
    grub2-efi-x64-modules-2.06-9.amzn2.0.1.noarch  
    grub2-pc-modules-2.06-9.amzn2.0.1.noarch  
    grub2-efi-aa64-modules-2.06-9.amzn2.0.1.noarch  
  
src:  
    grub2-2.06-9.amzn2.0.1.src  
  
x86_64:  
    grub2-2.06-9.amzn2.0.1.x86_64  
    grub2-tools-2.06-9.amzn2.0.1.x86_64  
    grub2-tools-efi-2.06-9.amzn2.0.1.x86_64  
    grub2-tools-minimal-2.06-9.amzn2.0.1.x86_64  
    grub2-tools-extra-2.06-9.amzn2.0.1.x86_64  
    grub2-efi-x64-2.06-9.amzn2.0.1.x86_64  
    grub2-efi-x64-ec2-2.06-9.amzn2.0.1.x86_64  
    grub2-efi-x64-cdboot-2.06-9.amzn2.0.1.x86_64  
    grub2-pc-2.06-9.amzn2.0.1.x86_64  
    grub2-emu-2.06-9.amzn2.0.1.x86_64  
    grub2-emu-modules-2.06-9.amzn2.0.1.x86_64  
    grub2-debuginfo-2.06-9.amzn2.0.1.x86_64  

Additional References

Red Hat: CVE-2021-3981

Mitre: CVE-2021-3981