CVE-2015-7837

CWE-254CWE-45610 documents8 sources
Severity
5.5MEDIUM
EPSS
0.1%
top 77.88%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Redhat Enterprise LinuxRedhat Enterprise Linux DesktopRedhat Enterprise Linux Server AUS+3 more
Timeline
PublishedSep 19
Latest updateMay 13

Description

The Linux kernel, as used in Red Hat Enterprise Linux 7, kernel-rt, and Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended securelevel/secureboot restrictions by leveraging improper handling of secure_boot flag across kexec reboot.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages5 packages

Debianlinux< 4.5.1-1+3

Also affects: Enterprise Linux 7.0, 7.2, 7.3, 7.4

🔴Vulnerability Details

3
GHSA
GHSA-3cqh-r98g-rhgh: The Linux kernel, as used in Red Hat Enterprise Linux 7, kernel-rt, and Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local u2022-05-13
CVEList
CVE-2015-7837: The Linux kernel, as used in Red Hat Enterprise Linux 7, kernel-rt, and Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local u2017-09-19
OSV
CVE-2015-7837: The Linux kernel, as used in Red Hat Enterprise Linux 7, kernel-rt, and Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local u2017-09-19

📋Vendor Advisories

4
Ubuntu
Linux kernel (Xenial HWE) vulnerabilities2017-08-28
Ubuntu
Linux kernel vulnerabilities2017-08-28
Red Hat
kernel: securelevel disabled after kexec2015-10-14
Debian
CVE-2015-7837: linux - The Linux kernel, as used in Red Hat Enterprise Linux 7, kernel-rt, and Enterpri...2015

💬Community

2
Bugzilla
CVE-2015-7837 kernel: securelevel disabled after kexec2015-10-16
Bugzilla
CVE-2015-7837 kernel: securelevel disabled after kexec [rhel-7.2]2015-07-16
CVE-2015-7837 (MEDIUM CVSS 5.5) | The Linux kernel | cvebase.io