ID CVE-2015-7837
Summary The Linux kernel, as used in Red Hat Enterprise Linux 7, kernel-rt, and Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended securelevel/secureboot restrictions by leveraging improper handling of secure_boot flag across kexec reboot.
References
Vulnerable Configurations
  • RedHat Enterprise MRG 2.0
    cpe:2.3:a:redhat:enterprise_mrg:2.0
  • Red Hat Enterprise Linux (RHEL) 7.0 (7)
    cpe:2.3:o:redhat:enterprise_linux:7.0
  • Red Hat Enterprise Linux 7.2
    cpe:2.3:o:redhat:enterprise_linux:7.2
  • Red Hat Enterprise Linux 7.3
    cpe:2.3:o:redhat:enterprise_linux:7.3
  • RedHat Enterprise Linux Desktop 7.0
    cpe:2.3:o:redhat:enterprise_linux_desktop:7.0
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3
    cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4
    cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4
  • RedHat Enterprise Linux Workstation 7.0
    cpe:2.3:o:redhat:enterprise_linux_workstation:7.0
  • cpe:2.3:o:redhat:kernel-rt:7.0
    cpe:2.3:o:redhat:kernel-rt:7.0
CVSS
Base: 2.1
Impact:
Exploitability:
CWE CWE-254
CAPEC
redhat via4
advisories
  • bugzilla
    id 1272472
    title CVE-2015-7837 kernel: securelevel disabled after kexec
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 7 Client is installed
        oval oval:com.redhat.rhsa:tst:20140675001
      • comment Red Hat Enterprise Linux 7 Server is installed
        oval oval:com.redhat.rhsa:tst:20140675002
      • comment Red Hat Enterprise Linux 7 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20140675003
      • comment Red Hat Enterprise Linux 7 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20140675004
    • OR
      • AND
        • comment kernel-rt is earlier than 0:3.10.0-327.rt56.204.el7
          oval oval:com.redhat.rhsa:tst:20152411021
        • comment kernel-rt is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20150727006
      • AND
        • comment kernel-rt-debug is earlier than 0:3.10.0-327.rt56.204.el7
          oval oval:com.redhat.rhsa:tst:20152411015
        • comment kernel-rt-debug is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20150727014
      • AND
        • comment kernel-rt-debug-devel is earlier than 0:3.10.0-327.rt56.204.el7
          oval oval:com.redhat.rhsa:tst:20152411019
        • comment kernel-rt-debug-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20150727016
      • AND
        • comment kernel-rt-debug-kvm is earlier than 0:3.10.0-327.rt56.204.el7
          oval oval:com.redhat.rhsa:tst:20152411007
        • comment kernel-rt-debug-kvm is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152411008
      • AND
        • comment kernel-rt-devel is earlier than 0:3.10.0-327.rt56.204.el7
          oval oval:com.redhat.rhsa:tst:20152411011
        • comment kernel-rt-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20150727012
      • AND
        • comment kernel-rt-doc is earlier than 0:3.10.0-327.rt56.204.el7
          oval oval:com.redhat.rhsa:tst:20152411005
        • comment kernel-rt-doc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20150727022
      • AND
        • comment kernel-rt-kvm is earlier than 0:3.10.0-327.rt56.204.el7
          oval oval:com.redhat.rhsa:tst:20152411023
        • comment kernel-rt-kvm is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152411024
      • AND
        • comment kernel-rt-trace is earlier than 0:3.10.0-327.rt56.204.el7
          oval oval:com.redhat.rhsa:tst:20152411017
        • comment kernel-rt-trace is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20150727008
      • AND
        • comment kernel-rt-trace-devel is earlier than 0:3.10.0-327.rt56.204.el7
          oval oval:com.redhat.rhsa:tst:20152411009
        • comment kernel-rt-trace-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20150727010
      • AND
        • comment kernel-rt-trace-kvm is earlier than 0:3.10.0-327.rt56.204.el7
          oval oval:com.redhat.rhsa:tst:20152411013
        • comment kernel-rt-trace-kvm is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152411014
    rhsa
    id RHSA-2015:2411
    released 2015-07-06
    severity Important
    title RHSA-2015:2411: kernel-rt security, bug fix, and enhancement update (Important)
  • rhsa
    id RHSA-2015:2152
rpms
  • kernel-0:3.10.0-327.el7
  • kernel-abi-whitelists-0:3.10.0-327.el7
  • kernel-bootwrapper-0:3.10.0-327.el7
  • kernel-debug-0:3.10.0-327.el7
  • kernel-debug-devel-0:3.10.0-327.el7
  • kernel-devel-0:3.10.0-327.el7
  • kernel-doc-0:3.10.0-327.el7
  • kernel-headers-0:3.10.0-327.el7
  • kernel-kdump-0:3.10.0-327.el7
  • kernel-kdump-devel-0:3.10.0-327.el7
  • kernel-tools-0:3.10.0-327.el7
  • kernel-tools-libs-0:3.10.0-327.el7
  • kernel-tools-libs-devel-0:3.10.0-327.el7
  • perf-0:3.10.0-327.el7
  • python-perf-0:3.10.0-327.el7
  • kernel-rt-0:3.10.0-327.rt56.204.el7
  • kernel-rt-debug-0:3.10.0-327.rt56.204.el7
  • kernel-rt-debug-devel-0:3.10.0-327.rt56.204.el7
  • kernel-rt-debug-kvm-0:3.10.0-327.rt56.204.el7
  • kernel-rt-devel-0:3.10.0-327.rt56.204.el7
  • kernel-rt-doc-0:3.10.0-327.rt56.204.el7
  • kernel-rt-kvm-0:3.10.0-327.rt56.204.el7
  • kernel-rt-trace-0:3.10.0-327.rt56.204.el7
  • kernel-rt-trace-devel-0:3.10.0-327.rt56.204.el7
  • kernel-rt-trace-kvm-0:3.10.0-327.rt56.204.el7
refmap via4
bid 77097
confirm
mlist [oss-security] 20151015 Re: CVE Request - Linux kernel - securelevel/secureboot bypass.
Last major update 19-09-2017 - 12:29
Published 19-09-2017 - 12:29
Last modified 05-10-2017 - 10:43
Back to Top