CVE-2021-3418 - log

CVE-2021-3418 edited at 03 Mar 2021 09:39:28
References
https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html
+ https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commitdiff;h=968de8c23c1cba0f18230f778ebcf6c412ec8ec5
CVE-2021-3418 edited at 02 Mar 2021 18:25:23
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Local
Type
- Unknown
+ Insufficient validation
Description
+ The GRUB2 upstream reintroduced CVE-2020-15705. This refers to a distro specific flaw which upstream introduced in Grub 2.05.
+
+ If certificates that signed GRUB2 are installed into db, GRUB2 can be booted directly. It will then boot any kernel without signature validation. The booted kernel will think it was booted in Secure Boot mode and will implement lockdown, yet it could have been tampered.
+
+ This flaw only affects upstream and distributions using the shim_lock verifier.
References
+ https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html
CVE-2021-3418 created at 02 Mar 2021 18:22:20
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
References
Notes