CVE-2022-3675

Severity Score

5.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Fedora CoreOS supports setting a GRUB bootloader password
using a Butane config. When this feature is enabled, GRUB requires a password to access the
GRUB command-line, modify kernel command-line arguments, or boot
non-default OSTree deployments. Recent Fedora CoreOS releases have a
misconfiguration which allows booting non-default OSTree deployments
without entering a password. This allows someone with access to the
GRUB menu to boot into an older version of Fedora CoreOS, reverting
any security fixes that have recently been applied to the machine. A
password is still required to modify kernel command-line arguments and
to access the GRUB command line.

Fedora CoreOS admite la configuración de una contraseña del cargador de arranque GRUB usando una configuración de Butane. Cuando esta característica está habilitada, GRUB requiere una contraseña para acceder a la línea de comandos de GRUB, modificar los argumentos de la línea de comandos del kernel o iniciar implementaciones de OSTree no predeterminadas. Las versiones recientes de Fedora CoreOS tienen una configuración incorrecta que permite iniciar implementaciones OSTree no predeterminadas sin ingresar una contraseña. Esto permite que alguien con acceso al menú de GRUB inicie una versión anterior de Fedora CoreOS, revirtiendo cualquier corrección de seguridad que se haya aplicado recientemente a la máquina. Aún se requiere una contraseña para modificar los argumentos de la línea de comandos del kernel y acceder a la línea de comandos de GRUB.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

None

Attack Vector

Physical

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

None

Integrity

Low

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-10-24 CVE Reserved
2022-11-03 CVE Published
2024-05-26 EPSS Updated
2024-08-03 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-20: Improper Input Validation
CWE-306: Missing Authentication for Critical Function

CAPEC

References (3)

URL	Tag	Source
https://github.com/coreos/fedora-coreos-tracker/issues/1333	Issue Tracking

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://docs.fedoraproject.org/en-US/fedora-coreos/grub-password	2023-11-07
https://lists.fedoraproject.org/archives/list/coreos-status@lists.fedoraproject.org/thread/NHUCNH5Y4UH5DPUCXISYXXVA563TLFEJ	2023-11-07

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Redhat Search vendor "Redhat"		Fedora Coreos Search vendor "Redhat" for product "Fedora Coreos"				>= 36.20220820.3.0 < 37.20221031.1.0 Search vendor "Redhat" for product "Fedora Coreos" and version " >= 36.20220820.3.0 < 37.20221031.1.0"		-		Affected