PT-2015-2740 · Red Hat+1 · Grub2+2

Stefan Cornelius · Published 2015-11-19 · Updated 2016-12-07 · CVE-2015-5281

CVSS v2.0: 2.6 (Low)

Vector: AV:L/AC:H/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

grub2 package before 2.02-0.29 in Red Hat Enterprise Linux (RHEL) 7

Description

The issue allows local users to bypass intended Secure Boot restrictions and execute non-verified code via a crafted multiboot or multiboot2 module in the configuration file. Physically proximate attackers can also bypass intended Secure Boot restrictions and execute non-verified code via the boot menu. The vulnerability is related to insufficient access control to files.

Recommendations

For the grub2 package before 2.02-0.29 in Red Hat Enterprise Linux (RHEL) 7, update to version 2.02-0.29 or later to resolve the issue. As a temporary workaround, consider restricting access to the configuration file and the boot menu to minimize the risk of exploitation.

Fix

Weakness Enumeration

Related identifiers

BDU:2015-12105
CESA-2015_2401
CVE-2015-5281
RHSA-2015:2401
RHSA-2015_2401

Affected products

CentOS
Red Hat
Grub2