Fedora Account System
Red Hat Associate
Red Hat Customer
GRUB2 grub.cfg configuration file is created with the wrong permission (0644) allowing unprivileged users to read grub's configuration file content. This presents a low Confidentiality risk as grub.cfg may contain encrypted passwords.
Created grub2 tracking bugs for this issue: Affects: fedora-all [bug 2030358]
Upstream patch for this issue: https://git.savannah.gnu.org/cgit/grub.git/commit/?id=0adec29674561034771c13e446069b41ef41e4d4
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:2110 https://access.redhat.com/errata/RHSA-2022:2110
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-3981