Lucene search

[email protected]CVE-2015-5281

HistoryNov 24, 2015 - 8:59 p.m.

CVE-2015-5281

2015-11-2420:59:00

CWE-264

[email protected]

web.nvd.nist.gov

185

grub2

rhel 7

secure boot

cve-2015-5281

uefi

multiboot

multiboot2

configuration file

6.3 Medium

AI Score

Confidence

Low

2.6 Low

CVSS2

Access Vector

LOCAL

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:H/Au:N/C:P/I:P/A:N

0.0004 Low

EPSS

Percentile

5.2%

JSON

The grub2 package before 2.02-0.29 in Red Hat Enterprise Linux (RHEL) 7, when used on UEFI systems, allows local users to bypass intended Secure Boot restrictions and execute non-verified code via a crafted (1) multiboot or (2) multiboot2 module in the configuration file or physically proximate attackers to bypass intended Secure Boot restrictions and execute non-verified code via the (3) boot menu.

CPENameOperatorVersion
redhat:enterprise_linuxredhat enterprise linuxeq7.0

CPE	Name	Operator	Version
redhat:enterprise_linux	redhat enterprise linux	eq	7.0

References

lists.fedoraproject.org/pipermail/package-announce/2015-November/172611.html

lists.fedoraproject.org/pipermail/package-announce/2015-November/172942.html

rhn.redhat.com/errata/RHSA-2015-2401.html

www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

www.securityfocus.com/bid/77983

www.securitytracker.com/id/1034198

bugzilla.redhat.com/show_bug.cgi?id=1264103

6.3 Medium

AI Score

Confidence

Low

2.6 Low

CVSS2

Access Vector

LOCAL

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:H/Au:N/C:P/I:P/A:N

0.0004 Low

EPSS

Percentile

5.2%

JSON

Related for CVE-2015-5281

nessus6 fedora2 oraclelinux1 prion1 centos1 debiancve1 openvas3 redhat1 ubuntucve1 ibm1