CVE-2015-5281

Severity

26%

Complexity

19%

Confidentiality

81%

The grub2 package before 2.02-0.29 in Red Hat Enterprise Linux (RHEL) 7, when used on UEFI systems, allows local users to bypass intended Secure Boot restrictions and execute non-verified code via a crafted (1) multiboot or (2) multiboot2 module in the configuration file or physically proximate attackers to bypass intended Secure Boot restrictions and execute non-verified code via the (3) boot menu.

The grub2 package before 2.02-0.29 in Red Hat Enterprise Linux (RHEL) 7, when used on UEFI systems, allows local users to bypass intended Secure Boot restrictions and execute non-verified code via a crafted (1) multiboot or (2) multiboot2 module in the configuration file or physically proximate attackers to bypass intended Secure Boot restrictions and execute non-verified code via the (3) boot menu.

CVSS 2.0 Base Score 2.6. CVSS Attack Vector: local. CVSS Attack Complexity: high. CVSS Vector: (AV:L/AC:H/Au:N/C:P/I:P/A:N).

Overview

First reported 9 years ago

2015-11-24 20:59:00

Last updated 8 years ago

2016-12-07 18:16:00

Affected Software

Red Hat Enterprise Linux (RHEL) 7.0 (7)

7.0

References

FEDORA-2015-c3b4fef3af

FEDORA-2015-2c155d7632

RHSA-2015:2401

Vendor Advisory

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

77983

1034198

https://bugzilla.redhat.com/show_bug.cgi?id=1264103

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.