Hi, On Thu, Mar 04, 2021 at 02:21:04PM +0100, Sylvain Beucler wrote: > Are CVE-2021-20225 and CVE-2021-20233 specific to SecureBoot?
They are only non-negligligible in SecureBoot context, or put otherwise without SecureBoot grub there is not crossing any reasonable trust boundary here. The short option parser issue for instance: An attacker able to trigger a search "search -hhhhhhhhhhhhhf" can do much more already without this issue in non-SB context. Similarly for the menuentry command issue. Regards, Salvatore
