Vigil@nce - RHEL: disabling securelevel with UEFI Secure Boot
October 2015 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
After some operations with UEFI Secure Boot, a local attacker can
thus use kexec_load to load an unsigned kernel.
Impacted products: RHEL.
Severity: 1/4.
Creation date: 15/10/2015.
DESCRIPTION OF THE VULNERABILITY
The Linux kernel can be booted with UEFI Secure Boot. In this
case, securelevel is enabled.
However, if kexec is called to load the kernel, securelevel is
disabled on next reboot.
After some operations with UEFI Secure Boot, a local attacker can
thus use kexec_load to load an unsigned kernel.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/RHEL-disabling-securelevel-with-UEFI-Secure-Boot-18113