CVE-2023-4001

Published: 15 January 2024

An authentication bypass flaw was found in GRUB due to the way that GRUB uses the UUID of a device to search for the configuration file that contains the password hash for the GRUB password protection feature. An attacker capable of attaching an external drive such as a USB stick containing a file system with a duplicate UUID (the same as in the "/boot/" file system) can bypass the GRUB password protection feature on UEFI systems, which enumerate removable drives before non-removable ones. This issue was introduced in a downstream patch in Red Hat's version of grub2 and does not affect the upstream package.
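A defensive audit for the condition described above, as an added example that is not part of the original advisory or of GRUB: it reads the JSON that `lsblk -J -o NAME,UUID,RM,MOUNTPOINT` prints and reports any other block device whose file system UUID equals that of `/boot`. It assumes a separate `/boot` file system; the sample device names and UUIDs are constructed.

```python
import json

# Constructed sample in the shape of `lsblk -J -o NAME,UUID,RM,MOUNTPOINT`.
# Device names and UUIDs are made up for illustration.
SAMPLE_LSBLK = """
{"blockdevices": [
  {"name": "nvme0n1", "uuid": null, "rm": false, "mountpoint": null, "children": [
    {"name": "nvme0n1p1", "uuid": "A1B2-C3D4", "rm": false, "mountpoint": "/boot/efi"},
    {"name": "nvme0n1p2", "uuid": "11111111-2222-3333-4444-555555555555", "rm": false, "mountpoint": "/boot"},
    {"name": "nvme0n1p3", "uuid": "66666666-7777-8888-9999-000000000000", "rm": false, "mountpoint": "/"}
  ]},
  {"name": "sdb", "uuid": null, "rm": true, "mountpoint": null, "children": [
    {"name": "sdb1", "uuid": "11111111-2222-3333-4444-555555555555", "rm": true, "mountpoint": null}
  ]}
]}
"""

def flatten(devices):
    """Yield every disk and partition from lsblk's nested JSON tree."""
    for dev in devices:
        yield dev
        yield from flatten(dev.get("children") or [])

def is_removable(dev):
    # Newer util-linux emits a JSON boolean, older releases the strings "0"/"1".
    return dev.get("rm") in (True, "1", 1)

def boot_uuid_collisions(lsblk_json, mountpoint="/boot"):
    """Return (boot_uuid, devices sharing it); (None, []) if nothing is mounted there."""
    devs = list(flatten(json.loads(lsblk_json)["blockdevices"]))
    boot = next((d for d in devs
                 if d.get("mountpoint") == mountpoint and d.get("uuid")), None)
    if boot is None:
        return None, []
    clashes = [
        {"name": d["name"], "removable": is_removable(d)}
        for d in devs
        if d.get("uuid") == boot["uuid"] and d["name"] != boot["name"]
    ]
    return boot["uuid"], clashes

if __name__ == "__main__":
    uuid, clashes = boot_uuid_collisions(SAMPLE_LSBLK)
    for c in clashes:
        kind = "removable" if c["removable"] else "fixed"
        print(f"WARNING: {kind} device {c['name']} duplicates /boot UUID {uuid}")
```

The check only sees devices attached while the operating system is running; it does not observe what was connected at boot time, when GRUB performs its search.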

Notes

Author Note
eslerm
CVE-2023-4001 has no impact on Ubuntu or Secure Boot, ignoring.
grub2-unsigned contains Secure Boot security fixes
the grub2 package unlikely affects Ubuntu's Secure Boot
grub2 and grub2-unsigned should have same major version
Ubuntu Secure Boot and ESM do not cover i386
trusty's GA kernel cannot handle new versions of grub
Note that key revocation is required to protect against evil
housekeeper attacks (such as BlackLotus)

Priority

Medium

Cvss 3 Severity Score

6.8

Status

Package Release Status
grub2
Launchpad, Ubuntu, Debian
bionic Not vulnerable (does not affect Secure Boot)
focal Not vulnerable (does not affect Secure Boot)
jammy Not vulnerable (does not affect Secure Boot)
lunar Not vulnerable (does not affect Secure Boot)
mantic Not vulnerable (does not affect Secure Boot)
noble Not vulnerable (does not affect Secure Boot)
trusty Not vulnerable (does not affect Secure Boot)
upstream Not vulnerable (debian: Specific to a downstream patch in Red Hat)
xenial Not vulnerable (does not affect Secure Boot)
grub2-signed
Launchpad, Ubuntu, Debian
bionic Not vulnerable (does not affect Secure Boot)
focal Not vulnerable (does not affect Secure Boot)
jammy Not vulnerable (does not affect Secure Boot)
lunar Not vulnerable (does not affect Secure Boot)
mantic Not vulnerable (does not affect Secure Boot)
noble Not vulnerable (does not affect Secure Boot)
trusty Ignored (update incompatible with kernel)
upstream Not vulnerable (debian: Specific to a downstream patch in Red Hat)
xenial Not vulnerable (does not affect Secure Boot)
grub2-unsigned
Launchpad, Ubuntu, Debian
bionic Not vulnerable (does not affect Secure Boot)
focal Not vulnerable (does not affect Secure Boot)
jammy Not vulnerable (does not affect Secure Boot)
lunar Not vulnerable (does not affect Secure Boot)
mantic Not vulnerable (does not affect Secure Boot)
noble Not vulnerable (does not affect Secure Boot)
trusty Ignored (end of standard support)
upstream Not vulnerable (debian: Specific to a downstream patch in Red Hat)
xenial Not vulnerable (does not affect Secure Boot)

Severity score breakdown

Parameter Value
Base score 6.8
Attack vector Physical
Attack complexity Low
Privileges required None
User interaction None
Scope Unchanged
Confidentiality High
Integrity impact High
Availability impact High
Vector CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H