Vulnerability Name: | CVE-2022-1665 (CCN-229379)
Assigned: | 2022-06-21
Published: | 2022-06-21
Updated: | 2022-08-18
Summary: | A set of pre-production kernel packages of Red Hat Enterprise Linux for IBM Power architecture can be booted by GRUB in Secure Boot mode even though they should not be. These kernel builds do not have the Secure Boot lockdown patches applied and can bypass Secure Boot validation, allowing an attacker to load other untrusted code.
CVSS v3 Severity: | 8.2 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)
7.2 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:U/RC:R)
6.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H/E:U/RL:U/RC:R)
CVSS v2 Severity: | 4.6 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
Vulnerability Type: | CWE-Other
Vulnerability Consequences: | Bypass Security
References: |
Source: MITRE Type: CNA CVE-2022-1665
Source: CCN Type: Red Hat Web site Red Hat Enterprise Linux
Source: CCN Type: Red Hat Bugzilla - Bug 2089529 (CVE-2022-1665) - CVE-2022-1665 Kernel for IBM Power: Signed build of Red Hat Enterprise Linux for IBM Power can boot pre-production kernels
Source: MISC Type: Issue Tracking, Vendor Advisory https://bugzilla.redhat.com/show_bug.cgi?id=2089529
Source: XF Type: UNKNOWN redhat-cve20221665-sec-bypass(229379)
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: