medium
5.5
CWE
254
Advisory Published
CVE Published
Updated

CVE-2015-7837

First published: Fri Oct 16 2015(Updated: )

A vulnerability was found in kexec, allowing the attacker to bypass the security mechanism of securelevel/secureboot combination. When the kernel was booted with UEFI Secure Boot enabled, securelevel is set. If kexec (either through crash or admin action) is then used to load the same kernel, after reboot securelevel is disabled. In this state, the system is missing the protections provided by securelevel, for example kexec may be used to load an unsigned kernel via the legacy system call kexec_load. In the securelevel patchset, the state of UEFI Secure Boot is queried in the EFI stub, and sets a boot_params flag to indicate the state of UEFI Secure Boot. This flag is then used in setup_arch() to determine the correct state of securelevel. If the kernel is not booted via the EFI stub, securelevel is not set even if UEFI Secure Boot is enabled. Patch can be found in product bug: <a class="bz_bug_link bz_status_CLOSED bz_closed bz_public " title="CLOSED ERRATA - CVE-2015-7837 kernel: securelevel disabled after kexec [rhel-7.2]" href="show_bug.cgi?id=1243998#c3">https://bugzilla.redhat.com/show_bug.cgi?id=1243998#c3</a> Upstream patch: <a href="https://github.com/mjg59/linux/commit/4b2b64d5a6ebc84214755ebccd599baef7c1b798">https://github.com/mjg59/linux/commit/4b2b64d5a6ebc84214755ebccd599baef7c1b798</a> CVE assignment: <a href="http://seclists.org/oss-sec/2015/q4/85">http://seclists.org/oss-sec/2015/q4/85</a>

Credit: cve@mitre.org cve@mitre.org

Affected SoftwareAffected VersionHow to fix
Redhat Enterprise Linux=7.0
Redhat Enterprise Linux=7.2
Redhat Enterprise Linux=7.3
Redhat Enterprise Linux Desktop=7.0
Redhat Enterprise Linux Server Aus=7.3
Redhat Enterprise Linux Server Aus=7.4
Redhat Enterprise Linux Workstation=7.0
Redhat Enterprise Mrg=2.0
Redhat Kernel-rt=7.0
debian/linux
5.10.223-1
5.10.226-1
6.1.106-3
6.1.112-1
6.11.4-1
6.11.5-1

Remedy

https://git.kernel.org/linus/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Remedy

https://git.kernel.org/linus/local-2015-7837

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is CVE-2015-7837?

    CVE-2015-7837 is a vulnerability in the Linux kernel that allows local users to bypass secureboot restrictions.

  • Which Linux distributions are affected by CVE-2015-7837?

    Red Hat Enterprise Linux 7, kernel-rt, and Enterprise MRG 2 are affected by CVE-2015-7837.

  • How can the securelevel/secureboot restrictions be bypassed in CVE-2015-7837?

    The securelevel/secureboot restrictions can be bypassed in CVE-2015-7837 by leveraging improper handling of the secure_boot flag across kexec reboot.

  • What is the severity of CVE-2015-7837?

    CVE-2015-7837 has a low severity rating.

  • How can I fix CVE-2015-7837?

    To fix CVE-2015-7837, update the Linux kernel to a patched version provided by the respective Linux distribution.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203