CVE-2015-5281

2015-11-2420:59:00

Debian Security Bug Tracker

security-tracker.debian.org

2.6 Low

CVSS2

Access Vector

LOCAL

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:H/Au:N/C:P/I:P/A:N

0.0004 Low

EPSS

Percentile

5.2%

JSON

The grub2 package before 2.02-0.29 in Red Hat Enterprise Linux (RHEL) 7, when used on UEFI systems, allows local users to bypass intended Secure Boot restrictions and execute non-verified code via a crafted (1) multiboot or (2) multiboot2 module in the configuration file or physically proximate attackers to bypass intended Secure Boot restrictions and execute non-verified code via the (3) boot menu.

OSVersionArchitecturePackageVersionFilename
Debian12allgrub2< 2.06-13+deb12u1grub2_2.06-13+deb12u1_all.deb
Debian11allgrub2< 2.06-3~deb11u6grub2_2.06-3~deb11u6_all.deb
Debian10allgrub2< 2.06-3~deb10u1grub2_2.06-3~deb10u1_all.deb
Debian999allgrub2< 2.12-2grub2_2.12-2_all.deb
Debian13allgrub2< 2.12-2grub2_2.12-2_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	grub2	< 2.06-13+deb12u1	grub2_2.06-13+deb12u1_all.deb
Debian	11	all	grub2	< 2.06-3~deb11u6	grub2_2.06-3~deb11u6_all.deb
Debian	10	all	grub2	< 2.06-3~deb10u1	grub2_2.06-3~deb10u1_all.deb
Debian	999	all	grub2	< 2.12-2	grub2_2.12-2_all.deb
Debian	13	all	grub2	< 2.12-2	grub2_2.12-2_all.deb