PT-2015-7636 · Linux · Linux Kernel

Adam Mariš · Published 2015-10-15 · Updated 2026-05-26 · CVE-2015-7837

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to the fixed version

Description

The issue allows local users to bypass intended securelevel/secureboot restrictions. This is achieved by leveraging improper handling of the secure boot flag across kexec reboot when the system is booted with UEFI Secure Boot enabled.

Recommendations

For Linux kernel versions prior to the fixed version, consider disabling UEFI Secure Boot as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Related Identifiers

CESA-2015_2152
CVE-2015-7837
RHSA-2015:2152
RHSA-2015:2411
RHSA-2015_2152
RHSA-2015_2411
USN-3405-1
USN-3405-2

Affected Products

CentOS
Linux Kernel
Red Hat
Ubuntu