Bug 1933757 (CVE-2021-3418) - CVE-2021-3418 grub2: grub 2.05 reintroduced CVE-2020-15705
Summary: CVE-2021-3418 grub2: grub 2.05 reintroduced CVE-2020-15705
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2021-3418
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 1899965 1933797
Reported: 2021-03-01 16:19 UTC by Marco Benatto
Modified: 2021-09-28 18:36 UTC

Fixed In Version: grub 2.06
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in grub. If the certificates that signed grub are installed into db, grub can be booted directly. It will then boot any kernel without signature validation. The booted kernel will think it was booted in Secure Boot mode and will implement lockdown, yet it could have been tampered with. This flaw is a reintroduction of CVE-2020-15705 and only affects upstream and distributions using the shim_lock mechanism.
Clone Of:
Environment:
Last Closed: 2021-03-04 01:01:53 UTC
Embargoed:


Description Marco Benatto 2021-03-01 16:19:18 UTC
The GRUB2 upstream version reintroduced CVE-2020-15705. This refers to a distro-specific flaw which made it upstream in the mentioned version.

If certificates that signed grub are installed into db, grub can be booted directly. It will then boot any kernel without signature validation. The booted kernel will think it was booted in Secure Boot mode and will implement lockdown, yet it could have been tampered with.

This flaw only affects upstream and distributions using the shim_lock mechanism.
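
An added example, not part of the original bug report or of GRUB's own code: an audit helper that reads `efibootmgr -v` style output and lists boot entries whose loader is a grub binary rather than shim, which is the "booted directly" precondition described above. The sample output is constructed, the function name `direct_grub_entries` is hypothetical, and matching loaders by a file name starting with `grub` is an assumption about how the distribution names its binaries.

```python
import re

# Constructed sample in the layout printed by `efibootmgr -v` (not from a real host).
SAMPLE = "\n".join([
    "BootCurrent: 0001",
    "Timeout: 0 seconds",
    "BootOrder: 0001,0002,0003",
    "Boot0001* distro-shim\tHD(1,GPT,00000000-0000-0000-0000-000000000001,0x800,0x100000)/File(\\EFI\\distro\\shimx64.efi)",
    "Boot0002* distro-direct\tHD(1,GPT,00000000-0000-0000-0000-000000000001,0x800,0x100000)/File(\\EFI\\distro\\grubx64.efi)",
    "Boot0003  UEFI PXE\tPciRoot(0x0)/Pci(0x3,0x0)/MAC(525400123456,1)",
])

# Boot number, active marker, label, and the File(...) component of the device path.
ENTRY = re.compile(
    r"^Boot([0-9A-Fa-f]{4})(\*?)[ \t]+(.*?)[ \t]+\S*File\(([^)]*)\)", re.MULTILINE)
CURRENT = re.compile(r"^BootCurrent:\s*([0-9A-Fa-f]{4})", re.MULTILINE)


def direct_grub_entries(text):
    """Return (number, label, loader_path, is_current) for every boot entry
    whose loader file is a grub binary rather than shim."""
    m = CURRENT.search(text)
    current = m.group(1).upper() if m else None
    hits = []
    for num, _active, label, path in ENTRY.findall(text):
        # Take the file name from the EFI path, whichever separator is used.
        loader = path.replace("/", "\\").rsplit("\\", 1)[-1].lower()
        # Assumption: grub binaries are named grub*.efi (e.g. grubx64.efi).
        if loader.startswith("grub") and loader.endswith(".efi"):
            hits.append((num.upper(), label, path, num.upper() == current))
    return hits


if __name__ == "__main__":
    for num, label, path, is_current in direct_grub_entries(SAMPLE):
        flag = " (current boot)" if is_current else ""
        print(f"Boot{num} '{label}' loads grub without shim: {path}{flag}")
```

A flagged entry is only the precondition: per the description, exposure also requires that the certificate that signed grub is enrolled in db and that the grub build is an affected one.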

Comment 2 Marco Benatto 2021-03-02 13:00:29 UTC
Statement:

Red Hat Enterprise Linux 7 and 8 are not affected by this issue, as neither version ships the shim_lock mechanism.

Comment 3 Product Security DevOps Team 2021-03-04 01:01:53 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2021-3418
