Authentication Bypass Flaw Affects GRUB on UEFI Systems

CVE-2023-4001

6.8 MEDIUM

Key Information

Vendor
Red Hat
Status
Red Hat Enterprise Linux 9
Red Hat Enterprise Linux 9.0 Extended Update Support
Red Hat Enterprise Linux 9.2 Extended Update Support
Red Hat Enterprise Linux 8
Vendor
CVE Published: 15 January 2024

Badges

👾 Exploit Exists
📰 News Worthy

Summary

An authentication bypass flaw was found in GRUB due to the way that GRUB uses the UUID of a device to search for the configuration file that contains the password hash for the GRUB password protection feature. An attacker capable of attaching an external drive such as a USB stick containing a file system with a duplicate UUID (the same as in the "/boot/" file system) can bypass the GRUB password protection feature on UEFI systems, which enumerate removable drives before non-removable ones. This issue was introduced in a downstream patch in Red Hat's version of grub2 and does not affect the upstream package.

Affected Version(s)

Red Hat Enterprise Linux 9 <= 1:2.06-70.el9_3.2

Red Hat Enterprise Linux 9.0 Extended Update Support <= 1:2.06-27.el9_0.16

Red Hat Enterprise Linux 9.2 Extended Update Support <= 1:2.06-61.el9_2.2

News Articles

Bypassing GRUB Security: How CVE-2023-4001 Exploits UEFI Systems

CVE-2023-4001 is an authentication bypass flaw in GRUB. GRUB is the gatekeeper of the booting process in many UEFI-based computers

11 months ago

References

CVSS V3.1

Score: 6.8
Severity: MEDIUM
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Physical
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • 👾 Exploit known to exist

  • First article discovered by Penetration Testing

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD Database
Mitre Database
1 News Article(s)

Credit

Red Hat would like to thank Maxim Suhanov for reporting this issue.