ID CVE-2015-7837
Summary The Linux kernel, as used in Red Hat Enterprise Linux 7, kernel-rt, and Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended securelevel/secureboot restrictions by leveraging improper handling of secure_boot flag across kexec reboot.
References
Vulnerable Configurations
  • cpe:2.3:a:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:7.2:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:7.2:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:7.3:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:7.3:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:kernel-rt:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:kernel-rt:7.0:*:*:*:*:*:*:*
CVSS
Base: 2.1 (as of 05-10-2017 - 14:43)
Impact:
Exploitability:
CWE CWE-254
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:L/AC:L/Au:N/C:N/I:P/A:N
redhat via4
advisories
  • bugzilla
    id 1272472
    title CVE-2015-7837 kernel: securelevel disabled after kexec
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 7 Client is installed
        oval oval:com.redhat.rhba:tst:20150364001
      • comment Red Hat Enterprise Linux 7 Server is installed
        oval oval:com.redhat.rhba:tst:20150364002
      • comment Red Hat Enterprise Linux 7 Workstation is installed
        oval oval:com.redhat.rhba:tst:20150364003
      • comment Red Hat Enterprise Linux 7 ComputeNode is installed
        oval oval:com.redhat.rhba:tst:20150364004
    • OR
      • AND
        • comment kernel-rt is earlier than 0:3.10.0-327.rt56.204.el7
          oval oval:com.redhat.rhsa:tst:20152411017
        • comment kernel-rt is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20150727006
      • AND
        • comment kernel-rt-debug is earlier than 0:3.10.0-327.rt56.204.el7
          oval oval:com.redhat.rhsa:tst:20152411011
        • comment kernel-rt-debug is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20150727014
      • AND
        • comment kernel-rt-debug-devel is earlier than 0:3.10.0-327.rt56.204.el7
          oval oval:com.redhat.rhsa:tst:20152411015
        • comment kernel-rt-debug-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20150727016
      • AND
        • comment kernel-rt-devel is earlier than 0:3.10.0-327.rt56.204.el7
          oval oval:com.redhat.rhsa:tst:20152411009
        • comment kernel-rt-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20150727012
      • AND
        • comment kernel-rt-doc is earlier than 0:3.10.0-327.rt56.204.el7
          oval oval:com.redhat.rhsa:tst:20152411005
        • comment kernel-rt-doc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20150727018
      • AND
        • comment kernel-rt-trace is earlier than 0:3.10.0-327.rt56.204.el7
          oval oval:com.redhat.rhsa:tst:20152411013
        • comment kernel-rt-trace is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20150727008
      • AND
        • comment kernel-rt-trace-devel is earlier than 0:3.10.0-327.rt56.204.el7
          oval oval:com.redhat.rhsa:tst:20152411007
        • comment kernel-rt-trace-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20150727010
    rhsa
    id RHSA-2015:2411
    released 2015-11-19
    severity Important
    title RHSA-2015:2411: kernel-rt security, bug fix, and enhancement update (Important)
  • rhsa
    id RHSA-2015:2152
rpms
  • kernel-0:3.10.0-327.el7
  • kernel-abi-whitelists-0:3.10.0-327.el7
  • kernel-bootwrapper-0:3.10.0-327.el7
  • kernel-debug-0:3.10.0-327.el7
  • kernel-debug-devel-0:3.10.0-327.el7
  • kernel-devel-0:3.10.0-327.el7
  • kernel-doc-0:3.10.0-327.el7
  • kernel-headers-0:3.10.0-327.el7
  • kernel-kdump-0:3.10.0-327.el7
  • kernel-kdump-devel-0:3.10.0-327.el7
  • kernel-tools-0:3.10.0-327.el7
  • kernel-tools-libs-0:3.10.0-327.el7
  • kernel-tools-libs-devel-0:3.10.0-327.el7
  • perf-0:3.10.0-327.el7
  • python-perf-0:3.10.0-327.el7
  • kernel-rt-0:3.10.0-327.rt56.204.el7
  • kernel-rt-debug-0:3.10.0-327.rt56.204.el7
  • kernel-rt-debug-devel-0:3.10.0-327.rt56.204.el7
  • kernel-rt-devel-0:3.10.0-327.rt56.204.el7
  • kernel-rt-doc-0:3.10.0-327.rt56.204.el7
  • kernel-rt-trace-0:3.10.0-327.rt56.204.el7
  • kernel-rt-trace-devel-0:3.10.0-327.rt56.204.el7
refmap via4
bid 77097
confirm
mlist [oss-security] 20151015 Re: CVE Request - Linux kernel - securelevel/secureboot bypass.
Last major update 05-10-2017 - 14:43
Published 19-09-2017 - 16:29
Back to Top