#VU71663 Security features bypass in kernel (Red Hat package) - CVE-2022-1665 

 


Published: January 30, 2023


Vulnerability identifier: #VU71663
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-1665
CWE-ID: CWE-254
Exploitation vector: Local access
Exploit availability: No public exploit available
Vulnerable software: kernel (Red Hat package)
Software vendor: Red Hat Inc.

Description

The vulnerability allows an attacker to compromise the affected system.

The vulnerability exists because the secure boot lockdown patches were not applied to the kernel. An attacker with physical access to the device can bypass secure boot validation and load non-trusted code on the system.


Remediation

Install updates from the vendor's website.

External links