{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-4001", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2023-07-28T20:57:15.937Z", "datePublished": "2024-01-15T11:10:19.517Z", "dateUpdated": "2024-09-16T16:51:09.826Z"}, "containers": {"cna": {"title": "Grub2: bypass the grub password protection feature", "metrics": [{"other": {"content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "An authentication bypass flaw was found in GRUB due to the way that GRUB uses the UUID of a device to search for the configuration file that contains the password hash for the GRUB password protection feature. An attacker capable of attaching an external drive such as a USB stick containing a file system with a duplicate UUID (the same as in the \"/boot/\" file system) can bypass the GRUB password protection feature on UEFI systems, which enumerate removable drives before non-removable ones. This issue was introduced in a downstream patch in Red Hat's version of grub2 and does not affect the upstream package."}], "affected": [{"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "grub2", "defaultStatus": "affected", "versions": [{"version": "1:2.06-70.el9_3.2", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:enterprise_linux:9::baseos"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.0 Extended Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "grub2", "defaultStatus": "affected", "versions": [{"version": "1:2.06-27.el9_0.16", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:rhel_eus:9.0::baseos"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.2 Extended Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "grub2", "defaultStatus": "affected", "versions": [{"version": "1:2.06-61.el9_2.2", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:rhel_eus:9.2::baseos"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "grub2", "defaultStatus": "unaffected", "cpes": ["cpe:/o:redhat:enterprise_linux:8"]}], "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:0437", "name": "RHSA-2024:0437", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0456", "name": "RHSA-2024:0456", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0468", "name": "RHSA-2024:0468", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2023-4001", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2224951", "name": "RHBZ#2224951", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://dfir.ru/2024/01/15/cve-2023-4001-a-vulnerability-in-the-downstream-grub-boot-manager/"}], "datePublic": "2024-01-09T00:00:00+00:00", "problemTypes": [{"descriptions": [{"cweId": "CWE-290", "description": "Authentication Bypass by Spoofing", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-290: Authentication Bypass by Spoofing", "timeline": [{"lang": "en", "time": "2023-07-24T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2024-01-09T00:00:00+00:00", "value": "Made public."}], "credits": [{"lang": "en", "value": "Red Hat would like to thank Maxim Suhanov for reporting this issue."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2024-09-16T16:51:09.826Z"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:17:10.437Z"}, "title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2024/01/15/3", "tags": ["x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0437", "name": "RHSA-2024:0437", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0456", "name": "RHSA-2024:0456", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0468", "name": "RHSA-2024:0468", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"tags": ["vdb-entry", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/security/cve/CVE-2023-4001"}, {"name": "RHBZ#2224951", "tags": ["issue-tracking", "x_refsource_REDHAT", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2224951"}, {"url": "https://dfir.ru/2024/01/15/cve-2023-4001-a-vulnerability-in-the-downstream-grub-boot-manager/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3OBADMKHQLJOBA32Q7XPNSYMVHVAFDCB/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHLZQ47HM64NDOHMHYO7VIJFYD5ZPPYN/", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20240216-0006/", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnu:grub2:-:*:*:*:*:*:*:*", "matchCriteriaId": "5104C160-A510-4AB3-82F8-F92E21B1B2D7", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An authentication bypass flaw was found in GRUB due to the way that GRUB uses the UUID of a device to search for the configuration file that contains the password hash for the GRUB password protection feature. An attacker capable of attaching an external drive such as a USB stick containing a file system with a duplicate UUID (the same as in the \"/boot/\" file system) can bypass the GRUB password protection feature on UEFI systems, which enumerate removable drives before non-removable ones. This issue was introduced in a downstream patch in Red Hat's version of grub2 and does not affect the upstream package."}, {"lang": "es", "value": "Se encontr\u00f3 un fallo de omisi\u00f3n de autenticaci\u00f3n en GRUB debido a la forma en que GRUB usa el UUID de un dispositivo para buscar el archivo de configuraci\u00f3n que contiene el hash de contrase\u00f1a para la funci\u00f3n de protecci\u00f3n de contrase\u00f1a de GRUB. Un atacante capaz de conectar una unidad externa, como una memoria USB que contenga un sistema de archivos con un UUID duplicado (el mismo que en el sistema de archivos \"/boot/\") puede omitir la funci\u00f3n de protecci\u00f3n con contrase\u00f1a GRUB en los sistemas UEFI, que enumeran unidades extra\u00edbles. antes que los no removibles. Este problema se introdujo en un parche posterior en la versi\u00f3n de grub2 de Red Hat y no afecta el paquete anterior."}], "id": "CVE-2023-4001", "lastModified": "2024-09-16T17:16:00.797", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 5.9, "source": "secalert@redhat.com", "type": "Secondary"}]}, "published": "2024-01-15T11:15:08.270", "references": [{"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:0437"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:0456"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:0468"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2023-4001"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2224951"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://dfir.ru/2024/01/15/cve-2023-4001-a-vulnerability-in-the-downstream-grub-boot-manager/"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-290"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-290"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"acknowledgement": "Red Hat would like to thank Maxim Suhanov for reporting this issue.", "affected_release": [{"advisory": "RHSA-2024:0468", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "grub2-1:2.06-70.el9_3.2", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-01-25T00:00:00Z"}, {"advisory": "RHSA-2024:0437", "cpe": "cpe:/o:redhat:rhel_eus:9.0", "package": "grub2-1:2.06-27.el9_0.16", "product_name": "Red Hat Enterprise Linux 9.0 Extended Update Support", "release_date": "2024-01-25T00:00:00Z"}, {"advisory": "RHSA-2024:0456", "cpe": "cpe:/o:redhat:rhel_eus:9.2", "package": "grub2-1:2.06-61.el9_2.2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-01-25T00:00:00Z"}], "bugzilla": {"description": "grub2: bypass the GRUB password protection feature", "id": "2224951", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2224951"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.8", "cvss3_scoring_vector": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-290", "details": ["An authentication bypass flaw was found in GRUB due to the way that GRUB uses the UUID of a device to search for the configuration file that contains the password hash for the GRUB password protection feature. An attacker capable of attaching an external drive such as a USB stick containing a file system with a duplicate UUID (the same as in the \"/boot/\" file system) can bypass the GRUB password protection feature on UEFI systems, which enumerate removable drives before non-removable ones. This issue was introduced in a downstream patch in Red Hat's version of grub2 and does not affect the upstream package.", "An authentication bypass flaw was found in GRUB due to the way that GRUB uses the UUID of a device to search for the configuration file that contains the password hash for the GRUB password protection feature. An attacker capable of attaching an external drive such as a USB stick containing a file system with a duplicate UUID (the same as in the \"/boot/\" file system) can bypass the GRUB password protection feature on UEFI systems, which enumerate removable drives before non-removable ones. This issue was introduced in a downstream patch in Red Hat's version of grub2 and does not affect the upstream package."], "name": "CVE-2023-4001", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "grub2", "product_name": "Red Hat Enterprise Linux 8"}], "public_date": "2024-01-09T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-4001\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-4001\nhttps://dfir.ru/2024/01/15/cve-2023-4001-a-vulnerability-in-the-downstream-grub-boot-manager/"], "threat_severity": "Moderate"}