GMS-2023-679: Constellation allows Emergency shell access during initramfs boot phase

March 9, 2023

Impact

An active attacker could let the boot fail on purpose in the initramfs, dropping the serial console into an emergency shell. This gives attackers with access to the serial console full control over the VM.

Patches

The issue has been patched in v2.6.0.

Workarounds

none

References

github.com/advisories/GHSA-6w5f-5wgr-qjg5
github.com/edgelesssys/constellation/releases/tag/v2.6.0
github.com/edgelesssys/constellation/security/advisories/GHSA-6w5f-5wgr-qjg5

Code Behaviors & Features

Detect and mitigate GMS-2023-679 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →