Public Date:
1264103: CVE-2015-5281 grub2: modules built in on EFI builds that allow loading arbitrary code, circumventing secure boot
It was discovered that grub2 builds for EFI systems contained modules that were not suitable to be loaded in a Secure Boot environment. An attacker could use this flaw to circumvent the Secure Boot mechanisms and load non-verified code. Attacks could use the boot menu if no password was set, or the grub2 configuration file if the attacker had root privileges on the system.

Find out more about CVE-2015-5281 from the MITRE CVE dictionary and NIST NVD.

CVSS v2 metrics

Base Score: 2.6
Base Metrics: AV:L/AC:H/Au:N/C:P/I:P/A:N
Access Vector: Local
Access Complexity: High
Authentication: None
Confidentiality Impact: Partial
Integrity Impact: Partial
Availability Impact: None

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat Security Errata

Platform | Errata | Release Date
Red Hat Enterprise Linux 7 (grub2) | RHSA-2015:2401 | 2015-11-19
Last Modified