RHSA-2023:2487: Red Hat Security Advisory: fwupd security and bug fix update
An update for fwupd is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-3287: A flaw was found in fwupd. When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file.
- CVE-2022-34301: A flaw was found in CryptoPro Secure Disk bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media.
- CVE-2022-34302: A flaw was found in New Horizon Datasys bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media.
- CVE-2022-34303: A flaw was found in Eurosoft bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media.
Issued: 2023-05-09
Updated: 2023-05-09
RHSA-2023:2487 - Security Advisory
Synopsis
Moderate: fwupd security and bug fix update
Type/Severity
Security Advisory: Moderate
Topic
An update for fwupd is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The fwupd packages provide a service that allows session software to update device firmware.
Security Fix(es):
- fwupd: world readable password in /etc/fwupd/redfish.conf (CVE-2022-3287)
- shim: 3rd party shim allow secure boot bypass (CVE-2022-34301)
- shim: 3rd party shim allow secure boot bypass (CVE-2022-34302)
- shim: 3rd party shim allow secure boot bypass (CVE-2022-34303)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
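CVE-2022-3287 is a file-permission problem rather than a bug in the Redfish protocol handling: a BMC credential landed in a configuration file that every local user could read. The following is an added example, not fwupd's code and not Red Hat's fix. It reports the findings an auditor would look for on a credential-bearing file such as /etc/fwupd/redfish.conf, and it shows how to create such a file so that there is never a window in which it exists with loose permissions (create with O_EXCL and mode 0600 in a single call, instead of open followed by chmod). The demo scenario, the temporary paths and the password string are constructed; the code never touches the real /etc/fwupd/redfish.conf unless you run it as a script.

```python
"""Audit and safely create a config file that holds a credential.

Added example for CVE-2022-3287 style exposure; not part of fwupd or of the
advisory. Assumes a POSIX filesystem where mode bits and ownership apply.
"""
import os
import stat
import tempfile

REDFISH_CONF = "/etc/fwupd/redfish.conf"  # path named in the advisory


def exposure(path, expected_uid=0):
    """Return a list of findings for a credential file; an empty list means
    only the expected owner can read it. Follows symlinks, as a reader would."""
    st = os.stat(path)
    mode = stat.S_IMODE(st.st_mode)
    findings = []
    if mode & stat.S_IROTH:
        findings.append("world-readable (mode %o)" % mode)
    if mode & stat.S_IWOTH:
        findings.append("world-writable (mode %o)" % mode)
    if mode & stat.S_IRGRP:
        findings.append("group-readable (gid %d, mode %o)" % (st.st_gid, mode))
    if st.st_uid != expected_uid:
        findings.append("owned by uid %d, expected %d" % (st.st_uid, expected_uid))
    return findings


def write_secret_config(path, content):
    """Create PATH with mode 0600 atomically and return the resulting mode.

    O_EXCL refuses to reuse an existing path (including a symlink planted by
    another user), and the mode is applied at creation time, so no reader can
    observe the file with wider permissions. umask can only clear bits from
    the requested mode, and fchmod pins it to 0600 regardless of umask.
    """
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as f:
        os.fchmod(fd, 0o600)
        f.write(content)
    return stat.S_IMODE(os.stat(path).st_mode)


def demo():
    """Constructed scenario in a temp dir: one file written the unrestricted
    way (readable by everyone, as described for CVE-2022-3287) and one written
    with write_secret_config. Returns the findings for both."""
    sample = "[redfish]\nPassword=constructed-example-not-a-real-secret\n"
    with tempfile.TemporaryDirectory() as d:
        insecure = os.path.join(d, "redfish.conf")
        with open(insecure, "w") as f:
            f.write(sample)
        os.chmod(insecure, 0o644)  # what an unrestricted write leaves behind
        hardened = os.path.join(d, "redfish.conf.fixed")
        hardened_mode = write_secret_config(hardened, sample)
        me = os.getuid()  # the demo files are ours, not root's
        return {
            "insecure": exposure(insecure, expected_uid=me),
            "hardened": exposure(hardened, expected_uid=me),
            "hardened_mode": hardened_mode,
        }


if __name__ == "__main__":
    # Against the live file: no output lines means nothing to report.
    if os.path.exists(REDFISH_CONF):
        for finding in exposure(REDFISH_CONF):
            print("%s: %s" % (REDFISH_CONF, finding))
    else:
        print("%s not present (redfish plugin never created it)" % REDFISH_CONF)
    print("demo:", demo())
```

Run as root on a RHEL 9 host to audit the real file; a system that was updated after the redfish plugin had already written the file should still be checked, since an update changes how new files are created but does not necessarily re-permission an existing one.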
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.2 Release Notes linked from the References section.
Affected Products
- Red Hat Enterprise Linux for x86_64 9 x86_64
- Red Hat Enterprise Linux for IBM z Systems 9 s390x
- Red Hat Enterprise Linux for Power, little endian 9 ppc64le
- Red Hat Enterprise Linux for ARM 64 9 aarch64
- Red Hat CodeReady Linux Builder for x86_64 9 x86_64
- Red Hat CodeReady Linux Builder for Power, little endian 9 ppc64le
- Red Hat CodeReady Linux Builder for ARM 64 9 aarch64
- Red Hat CodeReady Linux Builder for IBM z Systems 9 s390x
Fixes
- BZ - 2119436 - EFI partition configured as FAT16 instead of 32
- BZ - 2120687 - CVE-2022-34302 shim: 3rd party shim allow secure boot bypass
- BZ - 2120699 - CVE-2022-34301 shim: 3rd party shim allow secure boot bypass
- BZ - 2120701 - CVE-2022-34303 shim: 3rd party shim allow secure boot bypass
- BZ - 2128384 - fwupd fails to apply Secure Boot dbx update on systems
- BZ - 2129280 - CVE-2022-3287 fwupd: world readable password in /etc/fwupd/redfish.conf [rhel-9.2.0]
- BZ - 2129904 - CVE-2022-3287 fwupd: world readable password in /etc/fwupd/redfish.conf
- BZ - 2165096 - Rebase fwupd to pick up all the ESP fixes
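The three bootloader CVEs in this advisory are not closed by patching fwupd's own code: the vulnerable loaders are legitimately signed, so the remedy is to revoke them in the UEFI forbidden-signature database (dbx), and fwupd is the component that applies dbx updates on RHEL (BZ 2128384 above tracks a failure to do so). The following is an added example, not fwupd or Red Hat code: it parses the dbx variable as exposed by efivarfs (a sequence of EFI_SIGNATURE_LIST structures as defined in the UEFI specification) and answers whether a given SHA-256 hash is revoked. The sample database and its hashes are constructed from strings for the test; they are not the real revoked loader hashes. One caveat a practitioner needs: dbx hash entries for PE binaries are Authenticode (PE image) hashes, not sha256sum of the file, so compute the hash to look up with a PE-aware tool such as pesign's --hash option.

```python
"""Parse the UEFI Secure Boot dbx and check whether hashes are revoked.

Added example; not part of fwupd or the advisory. Assumes Linux with
efivarfs mounted at /sys/firmware/efi/efivars (each file starts with a
4-byte attribute word before the variable data).
"""
import hashlib
import struct
import uuid

EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")
# dbx lives under EFI_IMAGE_SECURITY_DATABASE_GUID.
DBX_EFIVAR = "/sys/firmware/efi/efivars/dbx-d719b2cb-3d3e-4596-a3bc-dad00e67656f"
ESL_HEADER = 28  # GUID(16) + SignatureListSize + SignatureHeaderSize + SignatureSize


def parse_esl(blob):
    """Return [(signature_type, owner, data), ...] for every EFI_SIGNATURE_DATA
    in a concatenation of EFI_SIGNATURE_LIST structures. Rejects truncated or
    inconsistent lists instead of silently under-reporting revocations."""
    entries = []
    off = 0
    while off < len(blob):
        if len(blob) - off < ESL_HEADER:
            raise ValueError("truncated EFI_SIGNATURE_LIST header at offset %d" % off)
        sig_type = uuid.UUID(bytes_le=blob[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", blob, off + 16)
        if list_size < ESL_HEADER + hdr_size or off + list_size > len(blob):
            raise ValueError("bad SignatureListSize %d at offset %d" % (list_size, off))
        if sig_size < 16:  # SignatureOwner GUID alone is 16 bytes
            raise ValueError("bad SignatureSize %d at offset %d" % (sig_size, off))
        body = blob[off + ESL_HEADER + hdr_size:off + list_size]
        if len(body) % sig_size:
            raise ValueError("signature area not a multiple of SignatureSize at %d" % off)
        for i in range(0, len(body), sig_size):
            owner = uuid.UUID(bytes_le=body[i:i + 16])
            entries.append((sig_type, owner, body[i + 16:i + sig_size]))
        off += list_size
    return entries


def revoked_sha256(blob):
    """Set of lowercase hex SHA-256 (Authenticode) hashes present in the dbx."""
    return {d.hex() for t, _, d in parse_esl(blob) if t == EFI_CERT_SHA256_GUID}


def is_revoked(hash_hex, blob):
    return hash_hex.lower() in revoked_sha256(blob)


def summarize(blob):
    """Entry counts by type; the sha256 count is what fwupd shows as the
    version of its 'UEFI dbx' device."""
    counts = {"sha256": 0, "x509": 0, "other": 0}
    for t, _, _ in parse_esl(blob):
        key = "sha256" if t == EFI_CERT_SHA256_GUID else "x509" if t == EFI_CERT_X509_GUID else "other"
        counts[key] += 1
    return counts


def read_dbx(path=DBX_EFIVAR):
    """Read the live variable and strip the efivarfs attribute word."""
    with open(path, "rb") as f:
        data = f.read()
    if len(data) < 4:
        raise ValueError("efivar file too short")
    return data[4:]


def build_esl(sig_type, owner, datas):
    """Encode one EFI_SIGNATURE_LIST (no signature header). Used only to
    construct test data here; the real dbx is written by firmware updates."""
    sizes = {len(d) for d in datas}
    if len(sizes) != 1:
        raise ValueError("all entries in one list must have the same size")
    sig_size = 16 + sizes.pop()
    body = b"".join(owner.bytes_le + d for d in datas)
    return sig_type.bytes_le + struct.pack("<III", ESL_HEADER + len(body), 0, sig_size) + body


# Constructed sample: three fake loader hashes split across two lists, the
# shape a dbx built up by successive updates has. Not the real revoked hashes.
SAMPLE_OWNER = uuid.UUID(int=0)
SAMPLE_HASHES = [hashlib.sha256(("constructed bootloader %d" % i).encode()).digest() for i in range(3)]
SAMPLE_DBX = (build_esl(EFI_CERT_SHA256_GUID, SAMPLE_OWNER, SAMPLE_HASHES[:2])
              + build_esl(EFI_CERT_SHA256_GUID, SAMPLE_OWNER, SAMPLE_HASHES[2:]))


if __name__ == "__main__":
    import sys
    try:
        live = read_dbx()
    except OSError as e:
        sys.exit("cannot read dbx (%s): not booted via UEFI, or efivarfs not mounted" % e)
    print("dbx:", summarize(live))
    for h in sys.argv[1:]:  # Authenticode hashes to look up, as hex
        print(h, "REVOKED" if is_revoked(h, live) else "not in dbx")
```

After `fwupdmgr update` has applied a dbx update, the sha256 count reported here should rise to match what `fwupdmgr get-devices` lists for the UEFI dbx device; a count that stays at the firmware's factory value after the update is the symptom BZ 2128384 describes. A dbx update is only effective against loaders that are not still on the ESP of a machine that can be booted from external media, which is why the CVE text stresses ESP access.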
CVEs
- CVE-2022-3287
- CVE-2022-34301
- CVE-2022-34302
- CVE-2022-34303
References
- https://access.redhat.com/security/updates/classification/#moderate
- https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index
Red Hat Enterprise Linux for x86_64 9
SRPM
fwupd-1.8.10-2.el9.src.rpm
SHA-256: 6d6b5d90e9a53cfea873b607315d8209f5b873ce03a9ae02daa0fe036af6fb7b
x86_64
fwupd-1.8.10-2.el9.x86_64.rpm
SHA-256: bf22c96ddb09b593345d07bfa76e99543f354e8c93c9a080aeb34ecc1b899334
fwupd-debuginfo-1.8.10-2.el9.x86_64.rpm
SHA-256: ae140d68a3a6f18fa9946ebb4a77c3e44b690278331f5af6eaad0b276477e786
fwupd-debugsource-1.8.10-2.el9.x86_64.rpm
SHA-256: 615a07bd3b88897a093bc7017144d34667b868b237d4542ae7c2f9af55be154e
fwupd-plugin-flashrom-1.8.10-2.el9.x86_64.rpm
SHA-256: 7ed38800205d907073ec4095b12b56783cff3781c2c11275841a30a08902d579
fwupd-plugin-flashrom-debuginfo-1.8.10-2.el9.x86_64.rpm
SHA-256: 180c8b7a7f0c16cdb02352c96ba54d744007fcc79a391b7a3efa276fe93a5f6e
fwupd-tests-debuginfo-1.8.10-2.el9.x86_64.rpm
SHA-256: 3226621d8331734c7193752f719b40ff0cce8666f7691d940a3025b424c639c9
Red Hat Enterprise Linux for IBM z Systems 9
SRPM
fwupd-1.8.10-2.el9.src.rpm
SHA-256: 6d6b5d90e9a53cfea873b607315d8209f5b873ce03a9ae02daa0fe036af6fb7b
s390x
fwupd-1.8.10-2.el9.s390x.rpm
SHA-256: b2061194b020af50b96ff7aa238c75f3aa4be886c3b9c8c63d77654a581db383
fwupd-debuginfo-1.8.10-2.el9.s390x.rpm
SHA-256: 4b8613292e4d6d4bd40f735963899c88ac8072a57b6ac758ae869e30683a95fa
fwupd-debugsource-1.8.10-2.el9.s390x.rpm
SHA-256: 33623a6d771cd419fb9e67806ce3d7bb6a46ae4192545f41689591b53807817f
fwupd-tests-debuginfo-1.8.10-2.el9.s390x.rpm
SHA-256: 4e225a2e204c6f910834f8188ba590396e5d1056c851fd201c14fad6fc0153a4
Red Hat Enterprise Linux for Power, little endian 9
SRPM
fwupd-1.8.10-2.el9.src.rpm
SHA-256: 6d6b5d90e9a53cfea873b607315d8209f5b873ce03a9ae02daa0fe036af6fb7b
ppc64le
fwupd-1.8.10-2.el9.ppc64le.rpm
SHA-256: f1cae84884b8a052af0dafeb457432e2d9078b2246daba816a3b74cc504316cd
fwupd-debuginfo-1.8.10-2.el9.ppc64le.rpm
SHA-256: 118a2256ba00e2b1fe92087a78d617aa29cba5d40060300a87b3a2eb7d366ca9
fwupd-debugsource-1.8.10-2.el9.ppc64le.rpm
SHA-256: c34958347431c662caaa9bb4316d5f17a839e722ac25eed37dacedbd52aa3231
fwupd-plugin-flashrom-1.8.10-2.el9.ppc64le.rpm
SHA-256: a828227ec39e0f164dd12bf523101665c5f045f6901fbbf05dc33401f226ae97
fwupd-plugin-flashrom-debuginfo-1.8.10-2.el9.ppc64le.rpm
SHA-256: 2bb52bd8db323b84a29651445eaf1770449cfdd54e6174f2b7ba2f489ed09879
Red Hat Enterprise Linux for ARM 64 9
SRPM
fwupd-1.8.10-2.el9.src.rpm
SHA-256: 6d6b5d90e9a53cfea873b607315d8209f5b873ce03a9ae02daa0fe036af6fb7b
aarch64
fwupd-1.8.10-2.el9.aarch64.rpm
SHA-256: 2780cbebbb6e67a8c8f0202ebddfbcb0c03013de31ac52fc57b156935db817a1
fwupd-debuginfo-1.8.10-2.el9.aarch64.rpm
SHA-256: 3410f20ce99cd296d543fb5835d9959758e78603c83366d168a17fe74d9a4e09
fwupd-debugsource-1.8.10-2.el9.aarch64.rpm
SHA-256: b3510ebfb81fa3f232c09cfaa135d6416a8dd9b972790139f5d6940156668fd1
fwupd-plugin-flashrom-1.8.10-2.el9.aarch64.rpm
SHA-256: 4aa4ec7ec41297a4b0fce61a7837e61c48b0b1de4179eab396d2096c1a06471e
fwupd-plugin-flashrom-debuginfo-1.8.10-2.el9.aarch64.rpm
SHA-256: 9df67b28f583f603cdaf3145452b64f82311d49f07420b382caaf2636928dcd6
fwupd-tests-debuginfo-1.8.10-2.el9.aarch64.rpm
SHA-256: 94162e60bf079b1806ec915a454a2e547e5eb28a085bd9adac7d1a97978cafde
Red Hat CodeReady Linux Builder for x86_64 9
x86_64
fwupd-debuginfo-1.8.10-2.el9.x86_64.rpm
SHA-256: ae140d68a3a6f18fa9946ebb4a77c3e44b690278331f5af6eaad0b276477e786
fwupd-debugsource-1.8.10-2.el9.x86_64.rpm
SHA-256: 615a07bd3b88897a093bc7017144d34667b868b237d4542ae7c2f9af55be154e
fwupd-devel-1.8.10-2.el9.x86_64.rpm
SHA-256: 670eda36608031f6b903b7c22c67f584f1ab23c641abe19bd72bc41c75ebc9df
fwupd-plugin-flashrom-debuginfo-1.8.10-2.el9.x86_64.rpm
SHA-256: 180c8b7a7f0c16cdb02352c96ba54d744007fcc79a391b7a3efa276fe93a5f6e
fwupd-tests-debuginfo-1.8.10-2.el9.x86_64.rpm
SHA-256: 3226621d8331734c7193752f719b40ff0cce8666f7691d940a3025b424c639c9
Red Hat CodeReady Linux Builder for Power, little endian 9
ppc64le
fwupd-debuginfo-1.8.10-2.el9.ppc64le.rpm
SHA-256: 118a2256ba00e2b1fe92087a78d617aa29cba5d40060300a87b3a2eb7d366ca9
fwupd-debugsource-1.8.10-2.el9.ppc64le.rpm
SHA-256: c34958347431c662caaa9bb4316d5f17a839e722ac25eed37dacedbd52aa3231
fwupd-devel-1.8.10-2.el9.ppc64le.rpm
SHA-256: 49179238f13891bc3eebb1ab68d11dea7d0e297e26c29b07f7050c19dde0b099
fwupd-plugin-flashrom-debuginfo-1.8.10-2.el9.ppc64le.rpm
SHA-256: 2bb52bd8db323b84a29651445eaf1770449cfdd54e6174f2b7ba2f489ed09879
Red Hat CodeReady Linux Builder for ARM 64 9
aarch64
fwupd-debuginfo-1.8.10-2.el9.aarch64.rpm
SHA-256: 3410f20ce99cd296d543fb5835d9959758e78603c83366d168a17fe74d9a4e09
fwupd-debugsource-1.8.10-2.el9.aarch64.rpm
SHA-256: b3510ebfb81fa3f232c09cfaa135d6416a8dd9b972790139f5d6940156668fd1
fwupd-devel-1.8.10-2.el9.aarch64.rpm
SHA-256: f2815e7bb38d5971ce7fd1831b7271042c23f6fdf7ea50fcc5614989159332bf
fwupd-plugin-flashrom-debuginfo-1.8.10-2.el9.aarch64.rpm
SHA-256: 9df67b28f583f603cdaf3145452b64f82311d49f07420b382caaf2636928dcd6
fwupd-tests-debuginfo-1.8.10-2.el9.aarch64.rpm
SHA-256: 94162e60bf079b1806ec915a454a2e547e5eb28a085bd9adac7d1a97978cafde
Red Hat CodeReady Linux Builder for IBM z Systems 9
s390x
fwupd-debuginfo-1.8.10-2.el9.s390x.rpm
SHA-256: 4b8613292e4d6d4bd40f735963899c88ac8072a57b6ac758ae869e30683a95fa
fwupd-debugsource-1.8.10-2.el9.s390x.rpm
SHA-256: 33623a6d771cd419fb9e67806ce3d7bb6a46ae4192545f41689591b53807817f
fwupd-devel-1.8.10-2.el9.s390x.rpm
SHA-256: a848e50dc77d3c39f78a0fed9157003682805ffe3229a4507fb1a4c5074c704a
fwupd-tests-debuginfo-1.8.10-2.el9.s390x.rpm
SHA-256: 4e225a2e204c6f910834f8188ba590396e5d1056c851fd201c14fad6fc0153a4
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
Related news
Red Hat Security Advisory 2023-7189-01 - An update for fwupd is now available for Red Hat Enterprise Linux 8.
Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 9.2.3.x contain an information disclosure vulnerability. A low privileged remote attacker could potentially exploit this vulnerability, leading to read arbitrary files on the underlying file system.
Hello everyone! In this episode, let’s take a look at the Microsoft Patch Tuesday August 2022 vulnerabilities. I use my Vulristics vulnerability prioritization tool as usual. I take comments for vulnerabilities from Tenable, Qualys, Rapid7, ZDI and Kaspersky blog posts. Also, as usual, I take into account the vulnerabilities added between the July and August […]
A security feature bypass vulnerability has been uncovered in three signed third-party Unified Extensible Firmware Interface (UEFI) boot loaders that allow bypass of the UEFI Secure Boot feature. "These vulnerabilities can be exploited by mounting the EFI System Partition and replacing the existing bootloader with the vulnerable one, or modifying a UEFI variable to load the vulnerable loader