CVE-2022-3675 (GCVE-0-2022-3675)

Vulnerability from cvelistv5 – Published: 2022-11-03 17:25 – Updated: 2025-05-02 18:53
VLAI?
Summary
Fedora CoreOS supports setting a GRUB bootloader password using a Butane config. When this feature is enabled, GRUB requires a password to access the GRUB command-line, modify kernel command-line arguments, or boot non-default OSTree deployments. Recent Fedora CoreOS releases have a misconfiguration which allows booting non-default OSTree deployments without entering a password. This allows someone with access to the GRUB menu to boot into an older version of Fedora CoreOS, reverting any security fixes that have recently been applied to the machine. A password is still required to modify kernel command-line arguments and to access the GRUB command line.
Severity ?
2.6 (Low)
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
CWE
  • CWE-20 - Improper Input Validation
Assigner
References
Impacted products
Vendor Product Version
Fedora Project CoreOS Affected: testing 36.20220906.2.0 and later , < testing 36.20221030.2.0 (fix)
Affected: next 36.20220906.1.0 and later , < next 37.20221031.1.0 (fix)
Affected: stable 36.20220820.3.0 and later , < stable 36.20221014.3.0 (fix)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T01:14:03.251Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "issue-tracking",
              "x_transferred"
            ],
            "url": "https://github.com/coreos/fedora-coreos-tracker/issues/1333"
          },
          {
            "tags": [
              "release-notes",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/coreos-status@lists.fedoraproject.org/thread/NHUCNH5Y4UH5DPUCXISYXXVA563TLFEJ/"
          },
          {
            "tags": [
              "related",
              "x_transferred"
            ],
            "url": "https://docs.fedoraproject.org/en-US/fedora-coreos/grub-password/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-3675",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-02T18:53:02.484531Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-02T18:53:10.153Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "coreos-assembler",
          "product": "CoreOS",
          "vendor": "Fedora Project",
          "versions": [
            {
              "lessThan": "testing 36.20221030.2.0 ",
              "status": "affected",
              "version": "testing 36.20220906.2.0 and later",
              "versionType": "fix"
            },
            {
              "lessThan": "next 37.20221031.1.0",
              "status": "affected",
              "version": "next 36.20220906.1.0 and later",
              "versionType": "fix"
            },
            {
              "lessThan": "stable 36.20221014.3.0",
              "status": "affected",
              "version": "stable 36.20220820.3.0 and later",
              "versionType": "fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cdiv\u003eFedora CoreOS supports setting a GRUB bootloader password\nusing a Butane config. When this feature is enabled, GRUB requires a password to access the\nGRUB command-line, modify kernel command-line arguments, or boot\nnon-default OSTree deployments.  Recent Fedora CoreOS releases have a\nmisconfiguration which allows booting non-default OSTree deployments\nwithout entering a password.  This allows someone with access to the\nGRUB menu to boot into an older version of Fedora CoreOS, reverting\nany security fixes that have recently been applied to the machine.  A\npassword is still required to modify kernel command-line arguments and\nto access the GRUB command line.\n\u003cbr\u003e\u003c/div\u003e"
            }
          ],
          "value": "Fedora CoreOS supports setting a GRUB bootloader password\nusing a Butane config. When this feature is enabled, GRUB requires a password to access the\nGRUB command-line, modify kernel command-line arguments, or boot\nnon-default OSTree deployments.  Recent Fedora CoreOS releases have a\nmisconfiguration which allows booting non-default OSTree deployments\nwithout entering a password.  This allows someone with access to the\nGRUB menu to boot into an older version of Fedora CoreOS, reverting\nany security fixes that have recently been applied to the machine.  A\npassword is still required to modify kernel command-line arguments and\nto access the GRUB command line.\n\n\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.6,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20 Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-11-03T17:49:43.071Z",
        "orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
        "shortName": "fedora"
      },
      "references": [
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://github.com/coreos/fedora-coreos-tracker/issues/1333"
        },
        {
          "tags": [
            "release-notes"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/coreos-status@lists.fedoraproject.org/thread/NHUCNH5Y4UH5DPUCXISYXXVA563TLFEJ/"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://docs.fedoraproject.org/en-US/fedora-coreos/grub-password/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
    "assignerShortName": "fedora",
    "cveId": "CVE-2022-3675",
    "datePublished": "2022-11-03T17:25:02.823Z",
    "dateReserved": "2022-10-24T06:40:10.332Z",
    "dateUpdated": "2025-05-02T18:53:10.153Z",
    "requesterUserId": "f3a2da25-33ae-4444-b293-a5bd0f5d6b21",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/coreos/fedora-coreos-tracker/issues/1333\", \"tags\": [\"issue-tracking\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/coreos-status@lists.fedoraproject.org/thread/NHUCNH5Y4UH5DPUCXISYXXVA563TLFEJ/\", \"tags\": [\"release-notes\", \"x_transferred\"]}, {\"url\": \"https://docs.fedoraproject.org/en-US/fedora-coreos/grub-password/\", \"tags\": [\"related\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T01:14:03.251Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-3675\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-05-02T18:53:02.484531Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-05-02T18:53:07.039Z\"}}], \"cna\": {\"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 2.6, \"attackVector\": \"PHYSICAL\", \"baseSeverity\": \"LOW\", \"vectorString\": \"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Fedora Project\", \"product\": \"CoreOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"testing 36.20220906.2.0 and later\", \"lessThan\": \"testing 36.20221030.2.0 \", \"versionType\": \"fix\"}, {\"status\": \"affected\", \"version\": \"next 36.20220906.1.0 and later\", \"lessThan\": \"next 37.20221031.1.0\", \"versionType\": \"fix\"}, {\"status\": \"affected\", \"version\": \"stable 36.20220820.3.0 and later\", \"lessThan\": \"stable 36.20221014.3.0\", \"versionType\": \"fix\"}], \"packageName\": \"coreos-assembler\", \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://github.com/coreos/fedora-coreos-tracker/issues/1333\", \"tags\": [\"issue-tracking\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/coreos-status@lists.fedoraproject.org/thread/NHUCNH5Y4UH5DPUCXISYXXVA563TLFEJ/\", \"tags\": [\"release-notes\"]}, {\"url\": \"https://docs.fedoraproject.org/en-US/fedora-coreos/grub-password/\", \"tags\": [\"related\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Fedora CoreOS supports setting a GRUB bootloader password\\nusing a Butane config. When this feature is enabled, GRUB requires a password to access the\\nGRUB command-line, modify kernel command-line arguments, or boot\\nnon-default OSTree deployments.  Recent Fedora CoreOS releases have a\\nmisconfiguration which allows booting non-default OSTree deployments\\nwithout entering a password.  This allows someone with access to the\\nGRUB menu to boot into an older version of Fedora CoreOS, reverting\\nany security fixes that have recently been applied to the machine.  A\\npassword is still required to modify kernel command-line arguments and\\nto access the GRUB command line.\\n\\n\\n\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cdiv\u003eFedora CoreOS supports setting a GRUB bootloader password\\nusing a Butane config. When this feature is enabled, GRUB requires a password to access the\\nGRUB command-line, modify kernel command-line arguments, or boot\\nnon-default OSTree deployments.  Recent Fedora CoreOS releases have a\\nmisconfiguration which allows booting non-default OSTree deployments\\nwithout entering a password.  This allows someone with access to the\\nGRUB menu to boot into an older version of Fedora CoreOS, reverting\\nany security fixes that have recently been applied to the machine.  A\\npassword is still required to modify kernel command-line arguments and\\nto access the GRUB command line.\\n\u003cbr\u003e\u003c/div\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-20\", \"description\": \"CWE-20 Improper Input Validation\"}]}], \"providerMetadata\": {\"orgId\": \"92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5\", \"shortName\": \"fedora\", \"dateUpdated\": \"2022-11-03T17:49:43.071Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2022-3675\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-02T18:53:10.153Z\", \"dateReserved\": \"2022-10-24T06:40:10.332Z\", \"assignerOrgId\": \"92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5\", \"datePublished\": \"2022-11-03T17:25:02.823Z\", \"requesterUserId\": \"f3a2da25-33ae-4444-b293-a5bd0f5d6b21\", \"assignerShortName\": \"fedora\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.