Constellation allows Emergency shell access during initramfs boot phase

High severity GitHub Reviewed Published Mar 9, 2023 in edgelesssys/constellation • Updated Mar 9, 2023

Package

gomod github.com/edgelesssys/constellation/v2 (Go)

Affected versions

< 2.6.0

Patched versions

2.6.0

Description

Impact

An active attacker could deliberately make the boot fail while the VM is still in the initramfs phase. On such a failure the initramfs drops the serial console into an emergency shell instead of halting, so anyone with access to the VM's serial console gains full, unattested control over the VM at that point.
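
As an added example that is not part of the advisory or of Constellation's own code, the following POSIX shell script audits a kernel command line for the setting class this advisory is about: whether a boot failure in a dracut-style initramfs would land on an interactive emergency shell. It assumes dracut's documented semantics (`rd.shell` defaults to on, `rd.shell=0|no|off` turns the shell off, `rd.break` always spawns a shell, the last occurrence of a parameter wins, and `rd.emergency=reboot|poweroff|halt` selects the failure action once the shell is off, defaulting to halt); these semantics and the sample command lines are assumptions made here, not taken from the affected images.

```shell
#!/bin/sh
# Added example (not Constellation's code): audit a kernel command line for
# an exposed initramfs emergency shell.
# Assumed dracut semantics (dracut.cmdline(7)):
#   rd.shell            -> emergency shell on failure (default when absent)
#   rd.shell=0|no|off   -> no shell; fall through to rd.emergency action
#   rd.break[=hook]     -> always drops to a shell at the named hook
#   rd.emergency=ACTION -> reboot|poweroff|halt when the shell is off (halt assumed default)
#   last occurrence of a parameter wins

# initramfs_shell_exposed "<cmdline>"
# Returns 0 (true) if a boot failure would drop to an interactive shell,
# 1 if the initramfs would instead take the rd.emergency action.
initramfs_shell_exposed() {
    ise_shell=on
    ise_brk=no
    for ise_tok in $1; do
        case "$ise_tok" in
            rd.shell) ise_shell=on ;;
            rd.shell=0|rd.shell=no|rd.shell=off) ise_shell=off ;;
            rd.shell=*) ise_shell=on ;;
            rd.break|rd.break=*) ise_brk=yes ;;
        esac
    done
    [ "$ise_brk" = yes ] && return 0
    [ "$ise_shell" = on ]
}

# emergency_action "<cmdline>"
# Prints the action taken on boot failure once the shell is disabled.
emergency_action() {
    ea_action=halt
    for ea_tok in $1; do
        case "$ea_tok" in
            rd.emergency=reboot|rd.emergency=poweroff|rd.emergency=halt)
                ea_action="${ea_tok#rd.emergency=}" ;;
        esac
    done
    printf '%s\n' "$ea_action"
}

# report "<cmdline>": human-readable verdict; always returns 0.
report() {
    if initramfs_shell_exposed "$1"; then
        printf 'EXPOSED: boot failure drops to an emergency shell: %s\n' "$1"
    else
        printf 'ok: shell disabled, failure action=%s: %s\n' \
            "$(emergency_action "$1")" "$1"
    fi
}

# Constructed sample command lines (not taken from any real image).
VULN_CMDLINE="console=ttyS0 root=/dev/mapper/state rd.shell rd.emergency=halt"
HARDENED_CMDLINE="console=ttyS0 root=/dev/mapper/state rd.shell=0 rd.emergency=reboot"

report "$VULN_CMDLINE"
report "$HARDENED_CMDLINE"
# On a running VM: report "$(cat /proc/cmdline)"
```

Note that a hardened command line alone is only half of the picture: if the image can be booted with an attacker-supplied command line, or if `rd.break` can be injected, the check above will pass on the image but not on the boot that actually happens, so the command line should also be part of what the measured boot attests.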

Patches

The issue has been patched in v2.6.0.

Workarounds

None. Upgrade to v2.6.0.

References

@derpsteb derpsteb published to edgelesssys/constellation Mar 9, 2023
Published to the GitHub Advisory Database Mar 9, 2023
Reviewed Mar 9, 2023
Last updated Mar 9, 2023

Severity

High

Weaknesses

No CWEs

CVE ID

No known CVE

GHSA ID

GHSA-6w5f-5wgr-qjg5