CVE-2022-34302
First published: Tue Aug 23 2022(Updated: )
A flaw was found in New Horizon Datasys bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Horizondatasys Uefi Bootloader | <2022-06-01 | |
| Redhat Enterprise Linux | =7.0 | |
| Redhat Enterprise Linux | =8.0 | |
| Redhat Enterprise Linux | =9.0 | |
| Microsoft Windows 10 | ||
| Microsoft Windows 10 | =20h2 | |
| Microsoft Windows 10 | =21h1 | |
| Microsoft Windows 10 | =21h2 | |
| Microsoft Windows 10 | =1607 | |
| Microsoft Windows 10 | =1809 | |
| Microsoft Windows 11 | ||
| Microsoft Windows 8.1 | ||
| Microsoft Windows RT 8.1 | ||
| Microsoft Windows Server 2012 | ||
| Microsoft Windows Server 2012 | =r2 | |
| Microsoft Windows Server 2016 | ||
| Microsoft Windows Server 2016 | =20h2 | |
| Microsoft Windows Server 2019 | ||
| Microsoft Windows Server 2022 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://edk2-docs.gitbook.io/understanding-the-uefi-secure-boot-chain/secure_boot_chain_in_uefi/uefi_secure_boot
- https://www.kb.cert.org/vuls/id/309662
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01001.html
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2120705
- https://access.redhat.com/errata/RHSA-2023:2487
- https://access.redhat.com/security/cve/cve-2022-34302
- https://bugzilla.redhat.com/show_bug.cgi?id=2120687
Frequently Asked Questions
What is CVE-2022-34302?
CVE-2022-34302 is a vulnerability found in New Horizon Datasys bootloaders that allows an attacker to bypass or tamper with Secure Boot protections.
How does CVE-2022-34302 affect the affected software?
CVE-2022-34302 affects various operating systems, including Horizondatasys Uefi Bootloader, Redhat Enterprise Linux, and Microsoft Windows 10, 11, and Server versions.
What is the severity of CVE-2022-34302?
The severity of CVE-2022-34302 is medium, with a CVSS score of 6.7.
How can an attacker exploit CVE-2022-34302?
An attacker can exploit CVE-2022-34302 by replacing the existing signed bootloader to load and execute arbitrary code in the pre-boot stage.
Is there a fix available for CVE-2022-34302?
A fix for CVE-2022-34302 may be provided by the software vendor or developer, and users should apply the latest patches or updates as soon as they are available.
- agent/author
- agent/type
- agent/softwarecombine
- agent/last-modified-date
- collector/nvd-api
- agent/software-canonical-lookup-request
- collector/nvd-index
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2022-34302
- agent/severity
- agent/references
- agent/tags
- agent/first-publish-date
- agent/event
- agent/description
- collector/mitre-cve
- source/MITRE
- vendor/horizondatasys
- canonical/horizondatasys uefi bootloader
- vendor/redhat
- canonical/redhat enterprise linux
- version/redhat enterprise linux/7.0
- version/redhat enterprise linux/8.0
- version/redhat enterprise linux/9.0
- vendor/microsoft
- canonical/microsoft windows 10
- version/microsoft windows 10/20h2
- version/microsoft windows 10/21h1
- version/microsoft windows 10/21h2
- version/microsoft windows 10/1607
- version/microsoft windows 10/1809
- canonical/microsoft windows 11
- canonical/microsoft windows 8.1
- canonical/microsoft windows rt 8.1
- canonical/microsoft windows server 2012
- version/microsoft windows server 2012/r2
- canonical/microsoft windows server 2016
- version/microsoft windows server 2016/20h2
- canonical/microsoft windows server 2019
- canonical/microsoft windows server 2022