CVE-2015-7837: RHEL UEFI Secure Boot


Vulnerability ID 106841
Red Hat Enterprise Linux UEFI Secure Boot privilege escalation

A vulnerability, which was classified as critical, has been found in Red Hat Enterprise Linux (the affected version is unknown). This issue affects an unknown function of the component UEFI Secure Boot. The manipulation with an unknown input leads to a privilege escalation vulnerability. Using CWE to declare the problem leads to CWE-269. Impacted is confidentiality, integrity, and availability. The weakness was released 09/19/2017 (oss-sec). The advisory is shared for download at openwall.com. The identification of this vulnerability is CVE-2015-7837 since 10/15/2015. The exploitation is known to be easy. An attack has to be approached locally. No form of authentication is needed for a successful exploitation. Neither technical details nor an exploit are publicly available. The price for an exploit might be around USD $5k-$25k at the moment (estimation calculated on 09/20/2017).[…]


Comments above seem to indicate a 9/19 update, but I can’t find that, only older messages from 2015-2016. Unclear about current status of this.



Microsoft Azure seeks senior UEFI engineer

Senior UEFI / FW Development Engineer – CSI / Azure – Cloud Server Infrastructure

The Azure Cloud Server Infrastructure development team (CSI) is seeking a talented FW development engineer with UEFI based BIOS/FW development experience. Candidate will be a member of the MSFT Azure CSI/UEFI FW team and will be responsible for design and development of UEFI FW solutions for MSFT Cloud Platforms. The Senior BIOS/Firmware Developer candidate must have relevant industry experience in the development of UEFI firmware solutions. Candidate must demonstrate skills and experiences from early planning/concept architecture, platform bring-up, UEFI FW features development, board manufacturing support and field issues debug/servicing support.[…]




UefiToolsPkg: making UEFI more useful to system hackers

Andrei Warkentin has created UefiToolsPkg, readme excerpt below:

This is a Tiano Core (edk2) package with various goodies. The goal was to make the UEFI environment much more useful to system hackers. It may be a reduced environment, but there’s no need for it to remain a crippled one. People make the analogy of UEFI being the 21st century equivalent of DOS, yet DOS was a vastly more useful environment than UEFI is today. Hopefully, one day this will grow into a veritable distribution of software to be productive even without a “real OS” around. Contains: Useful utilities for developers and admins, Ported UNIX tools, Useful libraries for developers, Development tools for Windows/Linux, Other tools around the Web.

FdtDump: dump system device tree to storage
AcpiDump: dump system ACPI tables to storage
AcpiLoader: load system ACPI tables from storage
ShellPlatVars: set UEFI Shell variables based on platform configuration
MemResv: create new memory map entries
RangeIsMapped: validates ranges in the memory map
GopTool: Check and manipulate EFI_GRAPHICS_OUTPUT_PROTOCOL instances
tinycc: port of TinyCC to UEFI

There’s at least one other UEFI ‘distribution’ project on GitHub, mostly non-usable, I forget the name at the moment. If I had some spare time, I’ve been wanting to do something like this, still looking to find the spare time… 😦 The next logical step is to include FPMurphy’s UEFI Utilities:



UEFI Firmware Rootkits: Myths and Reality: video online