First published: Mon Jul 24 2023(Updated: )
<a class="bz_bug_link bz_secure " title="" href="show_bug.cgi?id=2223437">https://bugzilla.redhat.com/show_bug.cgi?id=2223437</a> The "/boot/efi/EFI/fedora/grub.cfg" configuration file allows an unprivileged user with physical access to a computer to bypass the GRUB password protection feature on many (but not all) UEFI-based systems.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
CentOS Grub2-pc-modules | ||
Red Hat Enterprise Linux | =9.0 | |
Fedora | =38 | |
Fedora | =39 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-4001 allows an unprivileged user with physical access to bypass the GRUB password protection.
CVE-2023-4001 affects GRUB2 and specific versions of Red Hat Enterprise Linux 9.0, Fedora 38, and Fedora 39.
To mitigate CVE-2023-4001, restrict physical access to servers and update your GRUB configuration file to strengthen security.
Yes, CVE-2023-4001 is considered easy to exploit because it requires only physical access to the machine.
Yes, patches and updates addressing CVE-2023-4001 have been released and should be applied promptly.