Unknown · Fedora Core · CVE-2022-3675
**Name of the Vulnerable Software and Affected Versions**
Fedora CoreOS (affected versions not specified)
**Description**
The issue is related to a misconfiguration in recent Fedora CoreOS releases that allows booting non-default OSTree deployments without entering a password, even when a GRUB bootloader password is set using a Butane config. This enables someone with access to the GRUB menu to boot into an older version of Fedora CoreOS, effectively reverting any recently applied security fixes. However, a password is still required to modify kernel command-line arguments and to access the GRUB command line.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.