Vulnerability Details CVE-2016-3699
The Linux kernel, as used in Red Hat Enterprise Linux 7.2 and Red Hat Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended Secure Boot restrictions and execute untrusted code by appending ACPI tables to the initrd.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 10.7%
CVSS Severity
CVSS v3 Score 7.4
CVSS v2 Score 6.9
References
- http://rhn.redhat.com/errata/RHSA-2016-2574.html
- http://rhn.redhat.com/errata/RHSA-2016-2584.html
- http://www.openwall.com/lists/oss-security/2016/09/22/4
- http://www.securityfocus.com/bid/93114
- https://bugzilla.redhat.com/show_bug.cgi?id=1329653
- https://github.com/mjg59/linux/commit/a4a5ed2835e8ea042868b7401dced3f517cafa76
- http://rhn.redhat.com/errata/RHSA-2016-2574.html
- http://rhn.redhat.com/errata/RHSA-2016-2584.html
- http://www.openwall.com/lists/oss-security/2016/09/22/4
- http://www.securityfocus.com/bid/93114
- https://bugzilla.redhat.com/show_bug.cgi?id=1329653
- https://github.com/mjg59/linux/commit/a4a5ed2835e8ea042868b7401dced3f517cafa76
Products affected by CVE-2016-3699
-
cpe:2.3:o:linux:linux_kernel:-
-
cpe:2.3:o:redhat:enterprise_mrg:2.0
-
cpe:2.3:o:redhat:linux:7.2