Vulnerability DatabaseCVE-2021-3981

CVE-2021-3981:
Rocky Linux vulnerability analysis and mitigation

Overview

A flaw in GRUB2 (CVE-2021-3981) was discovered where its configuration file, known as grub.cfg, is being created with the wrong permission set (0644) allowing non-privileged users to read its content. This vulnerability affects GRUB2 version 2.06 and previous versions (CVE Details, Red Hat CVE).

Technical details

The vulnerability stems from incorrect permission settings in the GRUB2 configuration file (grub.cfg). When the file is created, it is set with permissions that allow unprivileged users to read its contents, representing a low severity confidentiality issue. The issue was fixed in GRUB upstream through a patch that restores the proper umask for grub.cfg (Red Hat Bugzilla, Fedora Update).

Impact

The primary impact of this vulnerability is that unauthorized users can read the grub.cfg file content, which may contain encrypted passwords. This represents a low severity confidentiality issue as those users can potentially access any encrypted passwords present in the configuration file (CVE Details).

Mitigation and workarounds

The issue has been fixed in the GRUB upstream through a patch that restores the proper umask for grub.cfg. Users are advised to upgrade to patched versions of GRUB2. For Fedora users, the fix is available in version 2.06-9.fc34, and for Gentoo users, versions >= 2.06 contain the fix (Fedora Update, Gentoo Security).

Additional resources

Source: This report was generated using AI

View vulnerable instances

Not a customer? See how Wiz maps CVEs like this one to real cloud attack paths.

Watch 12-min demo

3.3

Score

Published March 10, 2022

Severity LOW

CNA Score N/A

Affected Technologies

Rocky Linux
Alma Linux

Has Public Exploit No

Has CISA KEV Exploit No

CISA KEV Release Date N/A

CISA KEV Due Date N/A

Exploitation Probability Percentile (EPSS) 6

Exploitation Probability (EPSS) N/A

Affected packages and libraries

grub2
grub2-efi

Sources

NVD
AlmaLinux Security Advisory
- AlmaLinux 8 Severity LOWHas FixAdded at: Jul 20, 2022
CBL-Mariner
- CBL-Mariner 1.0, 2.0 Severity LOWHas FixAdded at: Jun 10, 2023
- CBL-Mariner 3.0 Severity LOWHas FixAdded at: May 04, 2025
Debian Security Tracker
- Debian 10, 11 Severity MEDIUMNo FixAdded at: Nov 16, 2022
- Debian 12 Severity LOWHas FixAdded at: Mar 28, 2022
- Debian 13 Severity LOWHas FixAdded at: Jun 11, 2023
- Debian 14 Severity LOWHas FixAdded at: Aug 10, 2025
Echo
- Echo Severity LOWHas FixAdded at: Nov 18, 2025
Gentoo Advisory Database
- Gentoo Severity HIGHHas FixAdded at: Sep 25, 2022
Photon Security Advisory
- Photon 5.0 Severity LOWHas FixAdded at: Apr 30, 2024
Red Hat Errata
- Red Hat 7 Severity LOWNo FixAdded at: Dec 08, 2021
- Red Hat 8 Severity LOWHas FixAdded at: Dec 08, 2021
Rocky Linux Product Errata
- Rocky 8 Severity LOWHas FixAdded at: Dec 07, 2025
Seal Security
- Red Hat 7 Severity LOWHas FixAdded at: Nov 18, 2025
TuxCare
- AlmaLinux 9.2 Severity LOWNo FixAdded at: Nov 18, 2025
Ubuntu Security Tracker
- Ubuntu 20.04 Severity LOWHas FixAdded at: Jul 23, 2023
- Ubuntu 22.04 Severity LOWHas FixAdded at: Nov 01, 2022

Get a CVE risk assessment

Get a prioritized view of CVEs in your cloud—so you can focus on what's exploitable, not just what's listed.

Request assessment

Related Rocky Linux vulnerabilities:

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2025-13699	HIGH	7	MariaDB Server	mariadb:10.3::mariadb-common	No	Yes	Dec 23, 2025
CVE-2025-43541	MEDIUM	4.3	Apple Safari	javascriptcoregtk4.1-debuginfo	No	Yes	Dec 17, 2025
CVE-2025-43536	MEDIUM	4.3	Apple Safari	javascriptcoregtk6.0-debuginfo	No	Yes	Dec 17, 2025
CVE-2025-43535	MEDIUM	4.3	Apple Safari	webkit2gtk3-devel	No	Yes	Dec 17, 2025
CVE-2025-61594	LOW	2.7	Ruby	ruby:3.3::rubygem-mongo-doc	No	Yes	Dec 30, 2025