QSearch

CVE-2021-3418

6.4 MEDIUM

If certificates that signed grub are installed into db, grub can be booted directly

Published: 2021-03-15 · Last updated: 2026-06-17

Severity and scoring

CVSS: 6.4 MEDIUM
Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-281

Affected products

Vendor: gnu
Product: grub2

Description

If certificates that signed grub are installed into db, grub can be booted directly. It will then boot any kernel without signature validation. The booted kernel will think it was booted in secureboot mode and will implement lockdown, yet it could have been tampered with. This flaw is a reintroduction of CVE-2020-15705 and only affects grub2 versions prior to 2.06 and upstream and distributions using the shim_lock mechanism.

Source: NVD
