PT-2016-5665 · Red Hat+2 · Red Hat Enterprise Mrg+3

Linn Crosetto

Publicado

2016-10-07

Atualizado

2023-02-13

CVE-2016-3699

CVSS v3.1

7.4

Alta

Vetor

AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions as used in Red Hat Enterprise Linux 7.2 and Red Hat Enterprise MRG 2

Description The issue allows local users to bypass intended Secure Boot restrictions and execute untrusted code by appending ACPI tables to the initrd when the system is booted with UEFI Secure Boot enabled.

Recommendations For Red Hat Enterprise Linux 7.2 and Red Hat Enterprise MRG 2, consider disabling UEFI Secure Boot or restricting the appending of ACPI tables to the initrd until a patch is available.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-264

Identificadores relacionados

CESA-2016_2574

CVE-2016-3699

RHSA-2016:2574

RHSA-2016:2584

RHSA-2016_2574

RHSA-2016_2584

Produtos afetados

Centos

Linux Kernel

Red Hat

Red Hat Enterprise Mrg

PT-2016-5665 · Red Hat+2 · Red Hat Enterprise Mrg+3

CVE-2016-3699

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 11