Lucene search

K
almalinuxAlmaLinuxALSA-2023:2487
HistoryMay 09, 2023 - 12:00 a.m.

Moderate: fwupd security and bug fix update

2023-05-0900:00:00
errata.almalinux.org
37
fwupd package
device firmware
security fix
bug fix
redfish.conf
cve-2022-3287
shim
cve-2022-34301
cve-2022-34302
cve-2022-34303
cvss score
almalinux release notes
unix

CVSS3

6.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

34.5%

The fwupd packages provide a service that allows session software to update device firmware.

Security Fix(es):

  • fwupd: world readable password in /etc/fwupd/redfish.conf (CVE-2022-3287)
  • shim: 3rd party shim allow secure boot bypass (CVE-2022-34301)
  • shim: 3rd party shim allow secure boot bypass (CVE-2022-34302)
  • shim: 3rd party shim allow secure boot bypass (CVE-2022-34303)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

CVSS3

6.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

34.5%