Main Vulnerability Database SB2022060302

SB2022060302 - UEFI Secure Boot bypass in Linux kernel

Published: June 3, 2022

Security Bulletin ID SB2022060302

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper access control (CVE-ID: CVE-2022-21499)

The vulnerability allows a local user to bypass implemented security restrictions.

The vulnerability exists due to improper access restrictions to the kernel debugger when booted in secure boot environments. A local privileged user can bypass UEFI Secure Boot restrictions.

Remediation

Install update from vendor's website.

References

https://www.openwall.com/lists/oss-security/2022/05/24/7
https://www.openwall.com/lists/oss-security/2022/05/24/10
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=eadb2f47a3ced5c64b23b90fd2a3463f63726066