PT-2021-7384 · Grub2+2
Marco Benatto · Published 2021-03-01 · Updated 2022-09-20 · CVE-2021-3418
CVSS v3.1: 6.4 Medium
Vector: AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Grub2 versions prior to 2.06
Description
The issue is in the implementation of the shim lock mechanism in Grub2, which does not verify cryptographic signatures correctly. This flaw allows an attacker to boot any kernel without signature validation, potentially leading to tampering. The booted kernel may believe it was booted in Secure Boot mode and enable lockdown, despite the potential tampering. The estimated number of potentially affected devices worldwide is not specified.
Recommendations
For Grub2 versions prior to 2.06, update to version 2.06 or later to resolve the issue.
As a temporary workaround, consider disabling the use of the shim lock mechanism until a patch is available.
Restrict access to the boot process to minimize the risk of exploitation.
Improper Preservation of Permissions
Improper Verification of Cryptographic Signature
Affected Products
Alt Linux
Grub2
Red Os