Authentication Bypass Flaw Affects GRUB on UEFI Systems
CVE-2023-4001

6.8 MEDIUM

Key Information:

Badges

👾 Exploit Exists · 📰 News Worthy

Summary

An authentication bypass flaw was found in GRUB due to the way GRUB uses the UUID of a device to locate the configuration file that contains the password hash for the GRUB password protection feature. An attacker with physical access who can attach an external drive such as a USB stick carrying a file system with a duplicate UUID (the same as the "/boot/" file system) can bypass the GRUB password protection feature on UEFI systems: UEFI enumerates removable drives before non-removable ones, so the UUID search resolves to the attacker's file system and GRUB loads the configuration found there instead of the protected one in "/boot/". This issue was introduced in a downstream patch in Red Hat's version of grub2 and does not affect the upstream package.
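The precondition for the bypass described above is that a second file system present at boot carries the same UUID as "/boot/". The following shell check is added here as an illustration; it is not part of the advisory and not Red Hat's fix. It parses blkid(8) output and reports any filesystem UUID that appears on more than one attached block device, and separately checks that the UUID of /boot is unique. The sample lines, device names and UUIDs are constructed for the example. It confirms whether a duplicate is currently present (for instance, to verify that a removable device with a cloned UUID is what is being booted), not whether the installed grub2 is vulnerable; that is determined by the package version.

```shell
#!/bin/sh
# Added example: detect a second file system carrying the UUID of /boot.
# Reads blkid(8)-style lines ("/dev/sdX: UUID="..." TYPE="..." ...") on stdin.

# Print "UUID dev1 dev2 ..." for each UUID seen on more than one device.
# Exit status is 1 when at least one duplicate exists, 0 otherwise.
# The leading space in the pattern keeps PARTUUID="..." from matching.
find_dup_uuids() {
    awk '
        match($0, / UUID="[^"]+"/) {
            uuid = substr($0, RSTART + 7, RLENGTH - 8)
            dev = $1; sub(/:$/, "", dev)
            devs[uuid] = (uuid in n) ? devs[uuid] " " dev : dev
            n[uuid]++
        }
        END {
            dup = 0
            for (u in n) if (n[u] > 1) { print u, devs[u]; dup = 1 }
            exit dup
        }'
}

# Succeed only if exactly one attached device carries the UUID given in $1
# (on a live system, typically the output of `findmnt -no UUID /boot`).
boot_uuid_unique() {
    count=$(awk -v want="$1" '
        match($0, / UUID="[^"]+"/) && substr($0, RSTART + 7, RLENGTH - 8) == want { c++ }
        END { print c + 0 }')
    [ "$count" -eq 1 ]
}

# Constructed sample: the internal /boot partition (nvme0n1p2) and a USB stick
# (sdb1) share a UUID; the EFI system partition (nvme0n1p1) does not.
# Device names and UUIDs are invented for this example.
SAMPLE='/dev/nvme0n1p1: UUID="B2C4-7E91" BLOCK_SIZE="512" TYPE="vfat" PARTUUID="8b5a2e4c-01"
/dev/nvme0n1p2: UUID="3a1f8c2e-0d4b-4f9a-9c1e-2b7d6a5e4f30" BLOCK_SIZE="512" TYPE="xfs" PARTUUID="8b5a2e4c-02"
/dev/sdb1: UUID="3a1f8c2e-0d4b-4f9a-9c1e-2b7d6a5e4f30" BLOCK_SIZE="512" TYPE="xfs" PARTUUID="c0ffee00-01"'

# Demo run on the sample; on a live system pipe the real `blkid` output instead.
printf '%s\n' "$SAMPLE" | find_dup_uuids || echo "WARNING: duplicate filesystem UUID(s) present"
```

On a real host, source the file and run `blkid | find_dup_uuids` and `blkid | boot_uuid_unique "$(findmnt -no UUID /boot)"` as root, since blkid only reports every device when run with sufficient privileges. A duplicate reported here is exactly the condition the advisory describes; the remedy remains the updated grub2 package, not removing the duplicate at runtime.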

Affected Version(s)

Red Hat Enterprise Linux 9 1:2.06-70.el9_3.2

Red Hat Enterprise Linux 9.0 Extended Update Support 1:2.06-27.el9_0.16

Red Hat Enterprise Linux 9.2 Extended Update Support 1:2.06-61.el9_2.2

News Articles

Bypassing GRUB Security: How CVE-2023-4001 Exploits UEFI Systems

CVE-2023-4001 is an authentication bypass flaw in GRUB. GRUB is the gatekeeper of the booting process in many UEFI-based computers.

CVSS v3.1

Score: 6.8
Severity: MEDIUM
Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector: Physical
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Timeline

  • 👾 Exploit known to exist
  • 📰 First article discovered by Penetration Testing
  • Vulnerability published
  • Vulnerability reserved

Credit

Red Hat would like to thank Maxim Suhanov for reporting this issue.