CVE-2022-3675

Fedora CoreOS supports setting a GRUB bootloader password
using a Butane config. When this feature is enabled, GRUB requires a password to access the
GRUB command-line, modify kernel command-line arguments, or boot
non-default OSTree deployments.  Recent Fedora CoreOS releases have a
misconfiguration which allows booting non-default OSTree deployments
without entering a password.  This allows someone with access to the
GRUB menu to boot into an older version of Fedora CoreOS, reverting
any security fixes that have recently been applied to the machine.  A
password is still required to modify kernel command-line arguments and
to access the GRUB command line.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
2.6 LOW
PHYSICAL
LOW
NONE
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
fedoraCNA
2.6 LOW
PHYSICAL
LOW
NONE
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 7%
VendorProductVersion
redhatfedora_coreos
36.20220820.3.0 ≤
𝑥
< 37.20221031.1.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://docs.fedoraproject.org/en-US/fedora-coreos/grub-password/
https://github.com/coreos/fedora-coreos-tracker/issues/1333
https://lists.fedoraproject.org/archives/list/coreos-status@lists.fedoraproject.org/thread/NHUCNH5Y4UH5DPUCXISYXXVA563TLFEJ/
https://docs.fedoraproject.org/en-US/fedora-coreos/grub-password/
https://github.com/coreos/fedora-coreos-tracker/issues/1333
https://lists.fedoraproject.org/archives/list/coreos-status@lists.fedoraproject.org/thread/NHUCNH5Y4UH5DPUCXISYXXVA563TLFEJ/