Bug 1933757 (CVE-2021-3418)
| Summary: | CVE-2021-3418 grub2: grub 2.05 reintroduced CVE-2020-15705 | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Marco Benatto <mbenatto> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED NOTABUG | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | bootloader-eng-team, fmartine, lkundrak, pjones, security-response-team |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | grub 2.06 | Doc Type: | If docs needed, set a value |
| Doc Text: |
A flaw was found in grub. If certificates that signed grub are installed into db, grub can be booted directly. It will then boot any kernel without signature validation. The booted kernel will think it was booted in secureboot mode and will implement lockdown, yet it could have been tampered. This flaw is a reintroduction of CVE-2020-15705 and only affects upstream and distributions using the shim_lock mechanism.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2021-03-04 01:01:53 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 1899965, 1933797 | ||
|
Description
Marco Benatto
2021-03-01 16:19:18 UTC
Statement: Red Hat Enterprise Linux 7 and 8 are not affected by this issue, as both versions doesn't ship the shim_lock mechanism. This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-3418 |