CVE-2022-1665
moderate-risk
Published 2022-06-21
A set of pre-production kernel packages of Red Hat Enterprise Linux for the IBM Power architecture can be booted by GRUB in Secure Boot mode even though they should not be. These kernel builds do not have the Secure Boot lockdown patches applied and can bypass the Secure Boot validations, allowing an attacker to load other untrusted code.
Do I need to act?
0.05% chance of exploitation
EPSS score — low exploit probability
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 8.2/10
High
LOCAL / LOW complexity
Affected Products (1)
Affected Vendors
References (2)
Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=2089529
30 / 100
moderate-risk
Severity
25/34 · High
Exploitability
0/34 · Minimal
Exposure
5/34 · Minimal