CVE-2022-1665

EPSS 0.01%
Veröffentlicht 21.06.2022 15:15:08
Zuletzt bearbeitet 21.11.2024 06:41:12
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

A set of pre-production kernel packages of Red Hat Enterprise Linux for IBM Power architecture can be booted by the grub in Secure Boot mode even though it shouldn't. These kernel builds don't have the secure boot lockdown patches applied to it and can bypass the secure boot validations, allowing the attacker to load another non-trusted code.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Redhat ≫ Enterprise Linux Version8.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.01%	0.007

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.2	1.5	6	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
nvd@nist.gov	4.6	3.9	6.4	AV:L/AC:L/Au:N/C:P/I:P/A:P

CWE-1291 Public Key Re-Use for Signing both Debug and Production Code

The same public key is used for signing both debug and production code.

https://bugzilla.redhat.com/show_bug.cgi?id=2089529

Vendor Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2022-1665

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-1665

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-1665

EUVD