CVE-2021-3418 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	No
Type	Insufficient validation
Description	The GRUB2 upstream reintroduced CVE-2020-15705. This refers to a distro specific flaw which upstream introduced in Grub 2.05. If certificates that signed GRUB2 are installed into db, GRUB2 can be booted directly. It will then boot any kernel without signature validation. The booted kernel will think it was booted in Secure Boot mode and will implement lockdown, yet it could have been tampered. This flaw only affects upstream and distributions using the shim_lock verifier.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-1630	grub	2:2.04-10		Medium	Not affected

References
https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commitdiff;h=968de8c23c1cba0f18230f778ebcf6c412ec8ec5