CVE-2015-5281: Red Hat Enterprise Linux vulnerability

CWE-264 | 5 documents | 5 sources
Severity
2.6 LOW (NVD)
EPSS
0.1%
top 81.31%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Nov 24
Latest update: May 17

Description

The grub2 package before 2.02-0.29 in Red Hat Enterprise Linux (RHEL) 7, when used on UEFI systems, allows local users to bypass intended Secure Boot restrictions and execute non-verified code via a crafted (1) multiboot or (2) multiboot2 module in the configuration file or physically proximate attackers to bypass intended Secure Boot restrictions and execute non-verified code via the (3) boot menu.

CVSS vector

AV:L/AC:H/C:P/I:P/A:N
Exploitability: 1.9 | Impact: 4.9

Affected Packages: 1 package

debian: debian/grub2

Also affects: Enterprise Linux 7.0

🔴 Vulnerability Details

1
GHSA
GHSA-626f-gjf6-rgjr: The grub2 package before 2 (2022-05-17)

📋 Vendor Advisories

2
Red Hat
grub2: modules built in on EFI builds that allow loading arbitrary code, circumventing secure boot (2015-11-17)
Debian
CVE-2015-5281: grub2 - The grub2 package before 2.02-0.29 in Red Hat Enterprise Linux (RHEL) 7, when us... (2015)

💬 Community

1
Bugzilla
CVE-2015-5281 grub2: modules built in on EFI builds that allow loading arbitrary code, circumventing secure boot (2015-09-17)