CVE-2022-3675 (GCVE-0-2022-3675)
Vulnerability from cvelistv5
Published
2022-11-03 17:25
Modified
2025-05-02 18:53
Severity ?
2.6 (Low) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
CWE
  • CWE-20 - Improper Input Validation
Summary
Fedora CoreOS supports setting a GRUB bootloader password using a Butane config. When this feature is enabled, GRUB requires a password to access the GRUB command-line, modify kernel command-line arguments, or boot non-default OSTree deployments. Recent Fedora CoreOS releases have a misconfiguration which allows booting non-default OSTree deployments without entering a password. This allows someone with access to the GRUB menu to boot into an older version of Fedora CoreOS, reverting any security fixes that have recently been applied to the machine. A password is still required to modify kernel command-line arguments and to access the GRUB command line.
References
Impacted products
Vendor Product Version
Fedora Project CoreOS Version: testing 36.20220906.2.0 and later
Version: next 36.20220906.1.0 and later
Version: stable 36.20220820.3.0 and later
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T01:14:03.251Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "issue-tracking",
              "x_transferred"
            ],
            "url": "https://github.com/coreos/fedora-coreos-tracker/issues/1333"
          },
          {
            "tags": [
              "release-notes",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/coreos-status@lists.fedoraproject.org/thread/NHUCNH5Y4UH5DPUCXISYXXVA563TLFEJ/"
          },
          {
            "tags": [
              "related",
              "x_transferred"
            ],
            "url": "https://docs.fedoraproject.org/en-US/fedora-coreos/grub-password/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-3675",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-02T18:53:02.484531Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-02T18:53:10.153Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "coreos-assembler",
          "product": "CoreOS",
          "vendor": "Fedora Project",
          "versions": [
            {
              "lessThan": "testing 36.20221030.2.0 ",
              "status": "affected",
              "version": "testing 36.20220906.2.0 and later",
              "versionType": "fix"
            },
            {
              "lessThan": "next 37.20221031.1.0",
              "status": "affected",
              "version": "next 36.20220906.1.0 and later",
              "versionType": "fix"
            },
            {
              "lessThan": "stable 36.20221014.3.0",
              "status": "affected",
              "version": "stable 36.20220820.3.0 and later",
              "versionType": "fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cdiv\u003eFedora CoreOS supports setting a GRUB bootloader password\nusing a Butane config. When this feature is enabled, GRUB requires a password to access the\nGRUB command-line, modify kernel command-line arguments, or boot\nnon-default OSTree deployments.  Recent Fedora CoreOS releases have a\nmisconfiguration which allows booting non-default OSTree deployments\nwithout entering a password.  This allows someone with access to the\nGRUB menu to boot into an older version of Fedora CoreOS, reverting\nany security fixes that have recently been applied to the machine.  A\npassword is still required to modify kernel command-line arguments and\nto access the GRUB command line.\n\u003cbr\u003e\u003c/div\u003e"
            }
          ],
          "value": "Fedora CoreOS supports setting a GRUB bootloader password\nusing a Butane config. When this feature is enabled, GRUB requires a password to access the\nGRUB command-line, modify kernel command-line arguments, or boot\nnon-default OSTree deployments.  Recent Fedora CoreOS releases have a\nmisconfiguration which allows booting non-default OSTree deployments\nwithout entering a password.  This allows someone with access to the\nGRUB menu to boot into an older version of Fedora CoreOS, reverting\nany security fixes that have recently been applied to the machine.  A\npassword is still required to modify kernel command-line arguments and\nto access the GRUB command line.\n\n\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.6,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20 Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-11-03T17:49:43.071Z",
        "orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
        "shortName": "fedora"
      },
      "references": [
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://github.com/coreos/fedora-coreos-tracker/issues/1333"
        },
        {
          "tags": [
            "release-notes"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/coreos-status@lists.fedoraproject.org/thread/NHUCNH5Y4UH5DPUCXISYXXVA563TLFEJ/"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://docs.fedoraproject.org/en-US/fedora-coreos/grub-password/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
    "assignerShortName": "fedora",
    "cveId": "CVE-2022-3675",
    "datePublished": "2022-11-03T17:25:02.823Z",
    "dateReserved": "2022-10-24T06:40:10.332Z",
    "dateUpdated": "2025-05-02T18:53:10.153Z",
    "requesterUserId": "f3a2da25-33ae-4444-b293-a5bd0f5d6b21",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/coreos/fedora-coreos-tracker/issues/1333\", \"tags\": [\"issue-tracking\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/coreos-status@lists.fedoraproject.org/thread/NHUCNH5Y4UH5DPUCXISYXXVA563TLFEJ/\", \"tags\": [\"release-notes\", \"x_transferred\"]}, {\"url\": \"https://docs.fedoraproject.org/en-US/fedora-coreos/grub-password/\", \"tags\": [\"related\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T01:14:03.251Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-3675\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-05-02T18:53:02.484531Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-05-02T18:53:07.039Z\"}}], \"cna\": {\"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 2.6, \"attackVector\": \"PHYSICAL\", \"baseSeverity\": \"LOW\", \"vectorString\": \"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Fedora Project\", \"product\": \"CoreOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"testing 36.20220906.2.0 and later\", \"lessThan\": \"testing 36.20221030.2.0 \", \"versionType\": \"fix\"}, {\"status\": \"affected\", \"version\": \"next 36.20220906.1.0 and later\", \"lessThan\": \"next 37.20221031.1.0\", \"versionType\": \"fix\"}, {\"status\": \"affected\", \"version\": \"stable 36.20220820.3.0 and later\", \"lessThan\": \"stable 36.20221014.3.0\", \"versionType\": \"fix\"}], \"packageName\": \"coreos-assembler\", \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://github.com/coreos/fedora-coreos-tracker/issues/1333\", \"tags\": [\"issue-tracking\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/coreos-status@lists.fedoraproject.org/thread/NHUCNH5Y4UH5DPUCXISYXXVA563TLFEJ/\", \"tags\": [\"release-notes\"]}, {\"url\": \"https://docs.fedoraproject.org/en-US/fedora-coreos/grub-password/\", \"tags\": [\"related\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Fedora CoreOS supports setting a GRUB bootloader password\\nusing a Butane config. When this feature is enabled, GRUB requires a password to access the\\nGRUB command-line, modify kernel command-line arguments, or boot\\nnon-default OSTree deployments.  Recent Fedora CoreOS releases have a\\nmisconfiguration which allows booting non-default OSTree deployments\\nwithout entering a password.  This allows someone with access to the\\nGRUB menu to boot into an older version of Fedora CoreOS, reverting\\nany security fixes that have recently been applied to the machine.  A\\npassword is still required to modify kernel command-line arguments and\\nto access the GRUB command line.\\n\\n\\n\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cdiv\u003eFedora CoreOS supports setting a GRUB bootloader password\\nusing a Butane config. When this feature is enabled, GRUB requires a password to access the\\nGRUB command-line, modify kernel command-line arguments, or boot\\nnon-default OSTree deployments.  Recent Fedora CoreOS releases have a\\nmisconfiguration which allows booting non-default OSTree deployments\\nwithout entering a password.  This allows someone with access to the\\nGRUB menu to boot into an older version of Fedora CoreOS, reverting\\nany security fixes that have recently been applied to the machine.  A\\npassword is still required to modify kernel command-line arguments and\\nto access the GRUB command line.\\n\u003cbr\u003e\u003c/div\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-20\", \"description\": \"CWE-20 Improper Input Validation\"}]}], \"providerMetadata\": {\"orgId\": \"92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5\", \"shortName\": \"fedora\", \"dateUpdated\": \"2022-11-03T17:49:43.071Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2022-3675\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-02T18:53:10.153Z\", \"dateReserved\": \"2022-10-24T06:40:10.332Z\", \"assignerOrgId\": \"92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5\", \"datePublished\": \"2022-11-03T17:25:02.823Z\", \"requesterUserId\": \"f3a2da25-33ae-4444-b293-a5bd0f5d6b21\", \"assignerShortName\": \"fedora\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.