PT-2022-4106 · New Horizon Datasys · New Horizon Datasys Bootloaders

Jesse Michael · Published 2022-08-09 · Updated 2026-04-22 · CVE-2022-34302

CVSS v2.0: 7.2 (High)

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

New Horizon Datasys bootloaders before 2022-06-01

Description

A flaw was found in the bootloaders that allows an attacker to bypass or tamper with Secure Boot protections. To load and execute arbitrary code in the pre-boot stage, an attacker needs to replace the existing signed bootloader with the vulnerable one, which requires access to the EFI System Partition for booting using external media. The vulnerability is related to errors in security settings, which can be exploited to bypass existing security restrictions.

Recommendations

For versions before 2022-06-01, consider restricting access to the EFI System Partition to minimize the risk of exploitation. As a temporary workaround, avoid using external media for booting until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Related Identifiers

ALSA-2023:2487
BDU:2022-04945
CVE-2022-34302
RHSA-2023:2487
RHSA-2023_2487

Affected Products

Almalinux
New Horizon Datasys Bootloaders
Red Hat
Windows