OESA-2022-1597

Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-1597
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2022-1597.json
JSON Data
https://api.test.osv.dev/v1/vulns/OESA-2022-1597
Upstream
Published
2022-03-26T11:03:40Z
Modified
2025-08-12T05:09:53.623224Z
Summary
grub2 security update
Details

GNU GRUB is a Multiboot boot loader. It was derived from GRUB, the GRand Unified Bootloader, which was originally designed and implemented by Erich Stefan Boleyn.

Security Fix(es):

A flaw was found in grub2 where its configuration file, grub.cfg, is created with the wrong permission set, allowing non-privileged users to read its content. This represents a low-severity confidentiality issue, as those users can eventually read any encrypted passwords present in grub.cfg. This flaw affects grub2 2.06 and previous versions. This issue has been fixed in grub upstream, but no version with the fix is currently released. (CVE-2021-3981) For openEuler, the affected-package entries below record 2.04-23.oe1 as the fixed version.

Database specific
{
    "severity": "Low"
}
References

Affected packages

openEuler:20.03-LTS-SP1 / grub2

Package

Name
grub2
Purl
pkg:rpm/openEuler/grub2&distro=openEuler-20.03-LTS-SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.04-23.oe1

Ecosystem specific

{
    "x86_64": [
        "grub2-efi-x64-2.04-23.oe1.x86_64.rpm",
        "grub2-pc-2.04-23.oe1.x86_64.rpm",
        "grub2-tools-extra-2.04-23.oe1.x86_64.rpm",
        "grub2-tools-minimal-2.04-23.oe1.x86_64.rpm",
        "grub2-efi-x64-cdboot-2.04-23.oe1.x86_64.rpm",
        "grub2-efi-ia32-cdboot-2.04-23.oe1.x86_64.rpm",
        "grub2-tools-efi-2.04-23.oe1.x86_64.rpm",
        "grub2-tools-2.04-23.oe1.x86_64.rpm",
        "grub2-debugsource-2.04-23.oe1.x86_64.rpm",
        "grub2-efi-ia32-2.04-23.oe1.x86_64.rpm",
        "grub2-debuginfo-2.04-23.oe1.x86_64.rpm"
    ],
    "aarch64": [
        "grub2-efi-aa64-cdboot-2.04-23.oe1.aarch64.rpm",
        "grub2-tools-2.04-23.oe1.aarch64.rpm",
        "grub2-debugsource-2.04-23.oe1.aarch64.rpm",
        "grub2-efi-aa64-2.04-23.oe1.aarch64.rpm",
        "grub2-tools-minimal-2.04-23.oe1.aarch64.rpm",
        "grub2-tools-extra-2.04-23.oe1.aarch64.rpm",
        "grub2-debuginfo-2.04-23.oe1.aarch64.rpm"
    ],
    "src": [
        "grub2-2.04-23.oe1.src.rpm"
    ],
    "noarch": [
        "grub2-efi-x64-modules-2.04-23.oe1.noarch.rpm",
        "grub2-help-2.04-23.oe1.noarch.rpm",
        "grub2-common-2.04-23.oe1.noarch.rpm",
        "grub2-efi-ia32-modules-2.04-23.oe1.noarch.rpm",
        "grub2-pc-modules-2.04-23.oe1.noarch.rpm",
        "grub2-efi-aa64-modules-2.04-23.oe1.noarch.rpm"
    ]
}

openEuler:20.03-LTS-SP2 / grub2

Package

Name
grub2
Purl
pkg:rpm/openEuler/grub2&distro=openEuler-20.03-LTS-SP2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.04-23.oe1

Ecosystem specific

{
    "x86_64": [
        "grub2-tools-extra-2.04-23.oe1.x86_64.rpm",
        "grub2-tools-2.04-23.oe1.x86_64.rpm",
        "grub2-efi-x64-2.04-23.oe1.x86_64.rpm",
        "grub2-efi-ia32-cdboot-2.04-23.oe1.x86_64.rpm",
        "grub2-pc-2.04-23.oe1.x86_64.rpm",
        "grub2-debuginfo-2.04-23.oe1.x86_64.rpm",
        "grub2-tools-efi-2.04-23.oe1.x86_64.rpm",
        "grub2-efi-x64-cdboot-2.04-23.oe1.x86_64.rpm",
        "grub2-efi-ia32-2.04-23.oe1.x86_64.rpm",
        "grub2-debugsource-2.04-23.oe1.x86_64.rpm",
        "grub2-tools-minimal-2.04-23.oe1.x86_64.rpm"
    ],
    "aarch64": [
        "grub2-efi-aa64-2.04-23.oe1.aarch64.rpm",
        "grub2-debuginfo-2.04-23.oe1.aarch64.rpm",
        "grub2-efi-aa64-cdboot-2.04-23.oe1.aarch64.rpm",
        "grub2-debugsource-2.04-23.oe1.aarch64.rpm",
        "grub2-tools-extra-2.04-23.oe1.aarch64.rpm",
        "grub2-tools-2.04-23.oe1.aarch64.rpm",
        "grub2-tools-minimal-2.04-23.oe1.aarch64.rpm"
    ],
    "src": [
        "grub2-2.04-23.oe1.src.rpm"
    ],
    "noarch": [
        "grub2-help-2.04-23.oe1.noarch.rpm",
        "grub2-efi-x64-modules-2.04-23.oe1.noarch.rpm",
        "grub2-efi-ia32-modules-2.04-23.oe1.noarch.rpm",
        "grub2-pc-modules-2.04-23.oe1.noarch.rpm",
        "grub2-common-2.04-23.oe1.noarch.rpm",
        "grub2-efi-aa64-modules-2.04-23.oe1.noarch.rpm"
    ]
}

openEuler:20.03-LTS-SP3 / grub2

Package

Name
grub2
Purl
pkg:rpm/openEuler/grub2&distro=openEuler-20.03-LTS-SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.04-23.oe1

Ecosystem specific

{
    "x86_64": [
        "grub2-efi-ia32-cdboot-2.04-23.oe1.x86_64.rpm",
        "grub2-tools-extra-2.04-23.oe1.x86_64.rpm",
        "grub2-efi-x64-cdboot-2.04-23.oe1.x86_64.rpm",
        "grub2-debuginfo-2.04-23.oe1.x86_64.rpm",
        "grub2-tools-2.04-23.oe1.x86_64.rpm",
        "grub2-pc-2.04-23.oe1.x86_64.rpm",
        "grub2-efi-x64-2.04-23.oe1.x86_64.rpm",
        "grub2-tools-minimal-2.04-23.oe1.x86_64.rpm",
        "grub2-debugsource-2.04-23.oe1.x86_64.rpm",
        "grub2-tools-efi-2.04-23.oe1.x86_64.rpm",
        "grub2-efi-ia32-2.04-23.oe1.x86_64.rpm"
    ],
    "aarch64": [
        "grub2-efi-aa64-2.04-23.oe1.aarch64.rpm",
        "grub2-debuginfo-2.04-23.oe1.aarch64.rpm",
        "grub2-efi-aa64-cdboot-2.04-23.oe1.aarch64.rpm",
        "grub2-tools-minimal-2.04-23.oe1.aarch64.rpm",
        "grub2-tools-2.04-23.oe1.aarch64.rpm",
        "grub2-debugsource-2.04-23.oe1.aarch64.rpm",
        "grub2-tools-extra-2.04-23.oe1.aarch64.rpm"
    ],
    "src": [
        "grub2-2.04-23.oe1.src.rpm"
    ],
    "noarch": [
        "grub2-efi-x64-modules-2.04-23.oe1.noarch.rpm",
        "grub2-pc-modules-2.04-23.oe1.noarch.rpm",
        "grub2-efi-aa64-modules-2.04-23.oe1.noarch.rpm",
        "grub2-common-2.04-23.oe1.noarch.rpm",
        "grub2-efi-ia32-modules-2.04-23.oe1.noarch.rpm",
        "grub2-help-2.04-23.oe1.noarch.rpm"
    ]
}