CVE-2022-3675
LOW
Fedora CoreOS >=36.20220820.3.0 <37.20221031.1.0 - Unauthenticated OSTree Deployment Boot Bypass
Title source: llm
Description
Fedora CoreOS supports setting a GRUB bootloader password using a Butane config. When this feature is enabled, GRUB requires a password to access the GRUB command-line, modify kernel command-line arguments, or boot non-default OSTree deployments. Recent Fedora CoreOS releases have a misconfiguration which allows booting non-default OSTree deployments without entering a password. This allows someone with access to the GRUB menu to boot into an older version of Fedora CoreOS, reverting any security fixes that have recently been applied to the machine. A password is still required to modify kernel command-line arguments and to access the GRUB command line.
References (3)
Core References
Issue Tracking, Third Party Advisory issue-tracking
https://github.com/coreos/fedora-coreos-tracker/issues/1333
Mailing List, Vendor Advisory release-notes
https://lists.fedoraproject.org/archives/list/[email protected]/thread/NHUCNH5Y4UH5DPUCXISYXXVA563TLFEJ/
Vendor Advisory related
https://docs.fedoraproject.org/en-US/fedora-coreos/grub-password/
Scores
CVSS v3
2.6
EPSS
0.0005
EPSS Percentile
15.4%
Attack Vector
PHYSICAL
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-306
CWE-20
Status
published
Products (1)
redhat/fedora_coreos
36.20220820.3.0 - 37.20221031.1.0
Published
Nov 03, 2022
Tracked Since
Feb 18, 2026