{
  "document": {
    "aggregate_severity": {
      "text": "Medium"
    },
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "TuxCare License Agreement",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://tuxcare.com/contact/",
      "name": "TuxCare",
      "namespace": "https://tuxcare.com/"
    },
    "references": [
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.tuxcare.com/csaf/v2/els_os/centos-stream8els/vex/2021/cve-2021-3695-els_os-centos-stream8els.json"
      }
    ],
    "tracking": {
      "current_release_date": "2026-04-24T10:36:25Z",
      "generator": {
        "date": "2026-04-24T10:36:25Z",
        "engine": {
          "name": "pyCSAF"
        }
      },
      "id": "CVE-2021-3695-ELS_OS-CENTOS-STREAM8ELS",
      "initial_release_date": "2021-01-01T00:00:00Z",
      "revision_history": [
        {
          "date": "2021-01-01T00:00:00Z",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2026-04-17T17:31:55Z",
          "number": "2",
          "summary": "Official Publication"
        },
        {
          "date": "2026-04-24T10:36:25Z",
          "number": "3",
          "summary": "Update document"
        }
      ],
      "status": "final",
      "version": "3"
    },
    "title": "Security update on CVE-2021-3695"
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Community Enterprise Operating System 8",
                "product": {
                  "name": "Community Enterprise Operating System 8",
                  "product_id": "CentOS-Stream-8",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:o:centos:centos:8:*:*:*:*:*:*:*"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Community Enterprise Operating System"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "shim-ia32-0:15.8-1.el8_2.x86_64",
                "product": {
                  "name": "shim-ia32-0:15.8-1.el8_2.x86_64",
                  "product_id": "shim-ia32-0:15.8-1.el8_2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/centos/shim-ia32@15.8-1.el8_2?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "shim-x64-0:15.8-1.el8_2.x86_64",
                "product": {
                  "name": "shim-x64-0:15.8-1.el8_2.x86_64",
                  "product_id": "shim-x64-0:15.8-1.el8_2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/centos/shim-x64@15.8-1.el8_2?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat, Inc."
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "shim-ia32-0:15.8-1.el8_2.tuxcare.els1.x86_64",
                "product": {
                  "name": "shim-ia32-0:15.8-1.el8_2.tuxcare.els1.x86_64",
                  "product_id": "shim-ia32-0:15.8-1.el8_2.tuxcare.els1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/shim-ia32@15.8-1.el8_2.tuxcare.els1?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "shim-x64-0:15.8-1.el8_2.tuxcare.els1.x86_64",
                "product": {
                  "name": "shim-x64-0:15.8-1.el8_2.tuxcare.els1.x86_64",
                  "product_id": "shim-x64-0:15.8-1.el8_2.tuxcare.els1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/shim-x64@15.8-1.el8_2.tuxcare.els1?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "TuxCare"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "shim-ia32-0:15.8-1.el8_2.tuxcare.els1.x86_64 as a component of Community Enterprise Operating System 8",
          "product_id": "CentOS-Stream-8:shim-ia32-0:15.8-1.el8_2.tuxcare.els1.x86_64"
        },
        "product_reference": "shim-ia32-0:15.8-1.el8_2.tuxcare.els1.x86_64",
        "relates_to_product_reference": "CentOS-Stream-8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "shim-x64-0:15.8-1.el8_2.tuxcare.els1.x86_64 as a component of Community Enterprise Operating System 8",
          "product_id": "CentOS-Stream-8:shim-x64-0:15.8-1.el8_2.tuxcare.els1.x86_64"
        },
        "product_reference": "shim-x64-0:15.8-1.el8_2.tuxcare.els1.x86_64",
        "relates_to_product_reference": "CentOS-Stream-8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "shim-ia32-0:15.8-1.el8_2.x86_64 as a component of Community Enterprise Operating System 8",
          "product_id": "CentOS-Stream-8:shim-ia32-0:15.8-1.el8_2.x86_64"
        },
        "product_reference": "shim-ia32-0:15.8-1.el8_2.x86_64",
        "relates_to_product_reference": "CentOS-Stream-8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "shim-x64-0:15.8-1.el8_2.x86_64 as a component of Community Enterprise Operating System 8",
          "product_id": "CentOS-Stream-8:shim-x64-0:15.8-1.el8_2.x86_64"
        },
        "product_reference": "shim-x64-0:15.8-1.el8_2.x86_64",
        "relates_to_product_reference": "CentOS-Stream-8"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-3695",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "description",
          "text": "A crafted 16-bit grayscale PNG image may lead to an out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and circumvent Secure Boot protections. This issue has a high complexity to be exploited, as an attacker needs to perform some triage over the heap layout to achieve significant results; also, the values written into memory are repeated three times in a row, making it difficult to produce valid payloads. This flaw affects grub2 versions prior to grub-2.12.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "known_affected": [
          "CentOS-Stream-8:shim-ia32-0:15.8-1.el8_2.tuxcare.els1.x86_64",
          "CentOS-Stream-8:shim-ia32-0:15.8-1.el8_2.x86_64",
          "CentOS-Stream-8:shim-x64-0:15.8-1.el8_2.tuxcare.els1.x86_64",
          "CentOS-Stream-8:shim-x64-0:15.8-1.el8_2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2021-3695"
        },
        {
          "category": "external",
          "summary": "https://bugzilla.redhat.com/show_bug.cgi?id=1991685",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1991685"
        },
        {
          "category": "external",
          "summary": "https://security.gentoo.org/glsa/202209-12",
          "url": "https://security.gentoo.org/glsa/202209-12"
        },
        {
          "category": "external",
          "summary": "https://security.netapp.com/advisory/ntap-20220930-0001/",
          "url": "https://security.netapp.com/advisory/ntap-20220930-0001/"
        }
      ],
      "release_date": "2022-07-06T16:15:00Z",
      "remediations": [
        {
          "category": "no_fix_planned",
          "details": "CVE-2021-3695 is a local-only flaw (CVSS 3.1 AV:L/AC:H) in GRUB2's PNG reader that is reachable only if GRUB actually decodes a 16-bit grayscale PNG, for example as a theme or background image; systems configured with text-mode menus or without boot-time images do not exercise this code path. Exploitation requires placing a crafted image among GRUB's boot assets (on the EFI System Partition or in /boot) and then performing high-complexity heap grooming despite the parser's triple-write behavior, so reliable code execution at boot is considered impractical. Note, however, that write access to boot assets is precisely the attacker position Secure Boot is designed to defend against (a root-level or physically present adversary seeking a persistent boot-chain compromise), so this rationale holds for deployments that do not rely on Secure Boot as a trust boundary; deployments that do should assess the bypass potential described in the CVE text on their own terms. Note also that the vulnerable code lives in grub2, whereas the products listed here are shim packages; the fix status of the grub2 packages themselves is not covered by this statement and should be checked separately. Given these conditions, this is treated as a low-priority risk for managed enterprise server and VM deployments, and no fix is planned for the listed shim packages.",
          "product_ids": [
            "CentOS-Stream-8:shim-ia32-0:15.8-1.el8_2.tuxcare.els1.x86_64",
            "CentOS-Stream-8:shim-ia32-0:15.8-1.el8_2.x86_64",
            "CentOS-Stream-8:shim-x64-0:15.8-1.el8_2.tuxcare.els1.x86_64",
            "CentOS-Stream-8:shim-x64-0:15.8-1.el8_2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 4.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "CentOS-Stream-8:shim-ia32-0:15.8-1.el8_2.tuxcare.els1.x86_64",
            "CentOS-Stream-8:shim-ia32-0:15.8-1.el8_2.x86_64",
            "CentOS-Stream-8:shim-x64-0:15.8-1.el8_2.tuxcare.els1.x86_64",
            "CentOS-Stream-8:shim-x64-0:15.8-1.el8_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ]
    }
  ]
}