Security features bypass in kernel (Red Hat package) - CVE-2022-1665
Published: January 30, 2023
Vulnerability identifier: #VU71663
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-1665
CWE-ID: CWE-254
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Red Hat Inc.
Affected software:
kernel (Red Hat package)
kernel (Red Hat package)
Detailed vulnerability description
The vulnerability allows an attacker to compromise the affected system.
The vulnerability exists due to missing secure boot lockdown patches applied to kernel. An attacker with physical access to device can bypass the secure boot validation and load non-trusted code on the system.
How to mitigate CVE-2022-1665
Install updates from vendor's website.