An authentication bypass in GRUB2 tracked as CVE-2023-4001 lets an attacker with physical access to a machine defeat GRUB’s boot-time password protection by tricking the bootloader into loading a configuration that doesn’t contain the password settings. The defect arises from how GRUB searches...
