CVE-2023-4001: Grub2: bypass the grub password protection feature
First published: Mon Jul 24 2023(Updated: )
<a class="bz_bug_link bz_secure " title="" href="show_bug.cgi?id=2223437">https://bugzilla.redhat.com/show_bug.cgi?id=2223437</a> The "/boot/efi/EFI/fedora/grub.cfg" configuration file allows an unprivileged user with physical access to a computer to bypass the GRUB password protection feature on many (but not all) UEFI-based systems.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Gnu Grub2 | ||
| Redhat Enterprise Linux | =9.0 | |
| Fedoraproject Fedora | =38 | |
| Fedoraproject Fedora | =39 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2223437
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2258096
- https://access.redhat.com/errata/RHSA-2024:0437
- https://access.redhat.com/errata/RHSA-2024:0468
- https://access.redhat.com/errata/RHSA-2024:0456
- https://bugzilla.redhat.com/show_bug.cgi?id=2224951
- https://access.redhat.com/security/cve/CVE-2023-4001
- https://dfir.ru/2024/01/15/cve-2023-4001-a-vulnerability-in-the-downstream-grub-boot-manager/
- collector/oss-sec
- source/oss-sec
- alias/CVE-2023-4001
- agent/title
- agent/author
- agent/weakness
- agent/type
- agent/first-publish-date
- agent/description
- agent/softwarecombine
- agent/event
- agent/severity
- agent/references
- agent/tags
- collector/redhat-bugzilla
- source/Red Hat
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- collector/mitre-cve
- source/MITRE
- vendor/gnu
- canonical/gnu grub2
- vendor/redhat
- canonical/redhat enterprise linux
- version/redhat enterprise linux/9.0
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/38
- version/fedoraproject fedora/39