CVE-2022-1665

EPSS 0.01%
Published 21.06.2022 15:15:08
Last modified 21.11.2024 06:41:12
Source secalert@redhat.com
Teams watchlist Login
Open Login

A set of pre-production kernel packages of Red Hat Enterprise Linux for IBM Power architecture can be booted by the grub in Secure Boot mode even though it shouldn't. These kernel builds don't have the secure boot lockdown patches applied to it and can bypass the secure boot validations, allowing the attacker to load another non-trusted code.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Redhat ≫ Enterprise Linux Version8.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.01%	0.007

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.2	1.5	6	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
nvd@nist.gov	4.6	3.9	6.4	AV:L/AC:L/Au:N/C:P/I:P/A:P

CWE-1291 Public Key Re-Use for Signing both Debug and Production Code

The same public key is used for signing both debug and production code.

https://bugzilla.redhat.com/show_bug.cgi?id=2089529

Vendor Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2022-1665

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-1665

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-1665

EUVD