ID CVE-2015-7837
Summary The Linux kernel, as used in Red Hat Enterprise Linux 7, kernel-rt, and Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended securelevel/secureboot restrictions by leveraging improper handling of secure_boot flag across kexec reboot.
References
Vulnerable Configurations
  • cpe:2.3:o:redhat:kernel-rt:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:kernel-rt:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:7.2:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:7.2:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:7.3:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:7.3:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*
CVSS
Base: 2.1 (as of 05-10-2017 - 14:43)
Impact:
Exploitability:
CWE CWE-254
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:L/AC:L/Au:N/C:N/I:P/A:N
redhat via4
advisories
  • bugzilla
    id 1272472
    title CVE-2015-7837 kernel: securelevel disabled after kexec
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 7 is installed
        oval oval:com.redhat.rhba:tst:20150364027
      • OR
        • comment kernel-rt earlier than 0:3.10.0-327.rt56.204.el7 is currently running
          oval oval:com.redhat.rhsa:tst:20152152031
        • comment kernel-rt earlier than 0:3.10.0-327.rt56.204.el7 is set to boot up on next boot
          oval oval:com.redhat.rhsa:tst:20152411016
      • OR
        • AND
          • comment kernel-rt is earlier than 0:3.10.0-327.rt56.204.el7
            oval oval:com.redhat.rhsa:tst:20152411001
          • comment kernel-rt is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20150727002
        • AND
          • comment kernel-rt-debug is earlier than 0:3.10.0-327.rt56.204.el7
            oval oval:com.redhat.rhsa:tst:20152411003
          • comment kernel-rt-debug is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20150727004
        • AND
          • comment kernel-rt-debug-devel is earlier than 0:3.10.0-327.rt56.204.el7
            oval oval:com.redhat.rhsa:tst:20152411005
          • comment kernel-rt-debug-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20150727006
        • AND
          • comment kernel-rt-devel is earlier than 0:3.10.0-327.rt56.204.el7
            oval oval:com.redhat.rhsa:tst:20152411007
          • comment kernel-rt-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20150727008
        • AND
          • comment kernel-rt-doc is earlier than 0:3.10.0-327.rt56.204.el7
            oval oval:com.redhat.rhsa:tst:20152411009
          • comment kernel-rt-doc is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20150727010
        • AND
          • comment kernel-rt-trace is earlier than 0:3.10.0-327.rt56.204.el7
            oval oval:com.redhat.rhsa:tst:20152411011
          • comment kernel-rt-trace is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20150727012
        • AND
          • comment kernel-rt-trace-devel is earlier than 0:3.10.0-327.rt56.204.el7
            oval oval:com.redhat.rhsa:tst:20152411013
          • comment kernel-rt-trace-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20150727014
    rhsa
    id RHSA-2015:2411
    released 2015-11-19
    severity Important
    title RHSA-2015:2411: kernel-rt security, bug fix, and enhancement update (Important)
  • rhsa
    id RHSA-2015:2152
rpms
  • kernel-0:3.10.0-327.el7
  • kernel-abi-whitelists-0:3.10.0-327.el7
  • kernel-bootwrapper-0:3.10.0-327.el7
  • kernel-debug-0:3.10.0-327.el7
  • kernel-debug-debuginfo-0:3.10.0-327.el7
  • kernel-debug-devel-0:3.10.0-327.el7
  • kernel-debuginfo-0:3.10.0-327.el7
  • kernel-debuginfo-common-ppc64-0:3.10.0-327.el7
  • kernel-debuginfo-common-ppc64le-0:3.10.0-327.el7
  • kernel-debuginfo-common-s390x-0:3.10.0-327.el7
  • kernel-debuginfo-common-x86_64-0:3.10.0-327.el7
  • kernel-devel-0:3.10.0-327.el7
  • kernel-doc-0:3.10.0-327.el7
  • kernel-headers-0:3.10.0-327.el7
  • kernel-kdump-0:3.10.0-327.el7
  • kernel-kdump-debuginfo-0:3.10.0-327.el7
  • kernel-kdump-devel-0:3.10.0-327.el7
  • kernel-tools-0:3.10.0-327.el7
  • kernel-tools-debuginfo-0:3.10.0-327.el7
  • kernel-tools-libs-0:3.10.0-327.el7
  • kernel-tools-libs-devel-0:3.10.0-327.el7
  • perf-0:3.10.0-327.el7
  • perf-debuginfo-0:3.10.0-327.el7
  • python-perf-0:3.10.0-327.el7
  • python-perf-debuginfo-0:3.10.0-327.el7
  • kernel-rt-0:3.10.0-327.rt56.204.el7
  • kernel-rt-debug-0:3.10.0-327.rt56.204.el7
  • kernel-rt-debug-debuginfo-0:3.10.0-327.rt56.204.el7
  • kernel-rt-debug-devel-0:3.10.0-327.rt56.204.el7
  • kernel-rt-debuginfo-0:3.10.0-327.rt56.204.el7
  • kernel-rt-debuginfo-common-x86_64-0:3.10.0-327.rt56.204.el7
  • kernel-rt-devel-0:3.10.0-327.rt56.204.el7
  • kernel-rt-doc-0:3.10.0-327.rt56.204.el7
  • kernel-rt-trace-0:3.10.0-327.rt56.204.el7
  • kernel-rt-trace-debuginfo-0:3.10.0-327.rt56.204.el7
  • kernel-rt-trace-devel-0:3.10.0-327.rt56.204.el7
refmap via4
bid 77097
confirm
mlist [oss-security] 20151015 Re: CVE Request - Linux kernel - securelevel/secureboot bypass.
Last major update 05-10-2017 - 14:43
Published 19-09-2017 - 16:29
Last modified 05-10-2017 - 14:43
Back to Top