AZL-6467 CVE-2021-3418 affecting package grub2 for versions less than 2.06~rc1-7

If certificates that signed grub are installed into db, grub can be booted directly. It will then boot any kernel without signature validation. The booted kernel will think it was booted in secureboot mode and will implement lockdown, yet it could have been tampered. This flaw is a reintroduction...

CVE-2021-3418

A flaw was found in grub. If certificates that signed grub are installed into db, grub can be booted directly. It will then boot any kernel without signature validation. The booted kernel will think it was booted in secureboot mode and will implement lockdown, yet it could have been tampered. Thi...

GRUB2: avoid loading unsigned kernels when GRUB is booted directly under secureboot without shim

...

CVE-2020-15705 GRUB2: avoid loading unsigned kernels when GRUB is booted directly under secureboot without shim

GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim...