A vulnerability in grub2 allowing users to load non-verified code, such as tools to circumvent Secure Boot was reported. The problem raised from introducing this commit: http://pkgs.devel.redhat.com/cgit/rpms/grub2/commit/?h=rhel-7.2&id=909ac684df7a662e7afd9d45d546ad97d363d197 Multiboot a multiboot2 modules remained built-in, that should not function on UEFI systems, but there is a prevention missing. Non-verified code can be loaded from boot menu if there's no password set, or in the config file if gained root privileges. For reproducing the issue, see Bug #1262904.
*** This bug has been marked as a duplicate of bug 1264103 ***