CVE-2015-5281
CVE-2015-5281 affects GRUB2 on EFI systems (notably grub2 in RHEL7) where modules deemed unsuitable for Secure Boot could be loaded, allowing a local attacker to bypass Secure Boot and execute non-verified code via crafted multiboot/multiboot2 modules or boot menu entries. The issue arises from l...
CVE-2015-5281
The grub2 package before 2.02-0.29 in Red Hat Enterprise Linux (RHEL) 7, when used on UEFI systems, allows local users to bypass intended Secure Boot restrictions and execute non-verified code via a crafted (1) multiboot or (2) multiboot2 module in the configuration file or physically proximate attacke...
RedHat Update for grub2 RHSA-2015:2401-01
The remote host is missing an update for the...
RHEL 7 : grub2 (RHSA-2015:2401)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2015:2401 advisory. The grub2 packages provide version 2 of the Grand Unified Bootloader (GRUB), a highly configurable and customizable bootloader with modular architectur...
grub2: modules built in on EFI builds that allow loading arbitrary code, circumventing secure boot
It was discovered that grub2 builds for EFI systems contained modules that were not suitable to be loaded in a Secure Boot environment. An attacker could use this flaw to circumvent the Secure Boot mechanisms and load non-verified code. Attacks could use the boot menu if no password was set, or t...
[CVE-2015-2552] Windows 8+ - Trusted Boot Security Feature Bypass Vulnerability
Vulnerability title Microsoft: Trusted Boot Security Feature Bypass Vulnerability CVE: CVE-2015-2552 Vendor: Microsoft Product: Windows NT series 8.0+ Affected versions: See "systems affected". Reported by: "Myria" Vulnerability Summary: An attacker with administrative acces...
CVE-2015-7837
The Linux kernel, as used in Red Hat Enterprise Linux 7, kernel-rt, and Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended securelevel/secureboot restrictions by leveraging improper handling of secureboot flag across kexec reboot...
PT-2015-7636
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to the fixed version. Description: The issue allows local users to bypass intended securelevel/secureboot restrictions. This is achieved by leveraging improper handling of the secure boot flag across kexec reboot when...
UBUNTU-CVE-2015-7837
The Linux kernel, as used in Red Hat Enterprise Linux 7, kernel-rt, and Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended securelevel/secureboot restrictions by leveraging improper handling of secureboot flag across kexec reboot...
Microsoft Trusted Boot Security Feature Bypass
Vulnerability title Microsoft: Trusted Boot Security Feature Bypass Vulnerability CVE: CVE-2015-2552 Vendor: Microsoft Product: Windows NT series 8.0+ Affected versions: See "systems affected". Reported by: "Myria" Vulnerability Summary: An attacker with administrative acces...
Scientific Linux Security Update : kernel on SL7.x x86_64 (20150805)
An integer overflow flaw was found in the way the Linux kernel's netfilter connection tracking implementation loaded extensions. An attacker on a local network could potentially send a sequence of specially crafted packets that would initiate the loading of a large number of extensions, causing t...
kernel: execution in the early microcode loader
A stack-based buffer overflow flaw was found in the Linux kernel's early load microcode functionality. On a system with UEFI Secure Boot enabled, a local, privileged user could use this flaw to increase their privileges to the kernel ring0 level, bypassing intended restrictions in place...
Moderate: Red Hat Security Advisory: kernel-rt security, bug fix, and enhancement update
Updated kernel-rt packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which...
BIOS implementations permit unsafe SMM function calls to memory locations outside of SMRAM
Overview: Multiple BIOS implementations permit unsafe System Management Mode (SMM) function calls to memory locations outside of SMRAM. Description: Multiple BIOS implementations permit unsafe System Management Mode (SMM) function calls to memory locations outside of SMRAM. According to Corey Kallenber...
Multiple Product UEFI System Local Security Bypass Vulnerabilities
UEFI is a standard that details a type of interface. This interface is used to automatically load the operating system from a pre-booted operating environment onto an operating system. A local security bypass vulnerability exists in multiple product UEFI systems where a boot script is used to...
DHS Warns of UEFI Hardware Vulnerabilities
The CERT/CC at Carnegie Mellon University today released three advisories warning of vulnerabilities that affect some unified extensible firmware interface (UEFI) systems and the BIOS of some Intel chipsets. Hardware and firmware vulnerabilities, such as these reported by Corey Kallenberg of MITRE...
UEFI implementations do not properly secure the EFI S3 Resume Boot Path boot script
Overview: Some UEFI systems fail to properly restrict access to the boot script used by the EFI S3 Resume Boot Path, allowing an authenticated, local attacker to bypass various firmware write protections. Description: According to Rafal Wojtczuk of Bromium and Corey Kallenberg of The MITRE...
Intel BIOS locking mechanism contains race condition that enables write protection bypass
Overview: A race condition exists in Intel chipsets that rely solely on the BIOSCNTL.BIOSWE and BIOSCNTL.BLE bits as a BIOS write locking mechanism. Successful exploitation of this vulnerability may result in a bypass of this locking mechanism. Description: CWE-362: Concurrent Execution using Share...