PT-2016-5665 · Red Hat · Red Hat Enterprise MRG

Linn Crosetto · Published 2016-10-07 · Updated 2023-02-13

CVE-2016-3699

CVSS v3.1: 7.4 (High)

Vector: AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions as used in Red Hat Enterprise Linux 7.2 and Red Hat Enterprise MRG 2

Description

The issue allows local users to bypass intended Secure Boot restrictions and execute untrusted code by appending ACPI tables to the initrd when the system is booted with UEFI Secure Boot enabled.

Recommendations

For Red Hat Enterprise Linux 7.2 and Red Hat Enterprise MRG 2, consider disabling UEFI Secure Boot or restricting the appending of ACPI tables to the initrd until a patch is available.

Related Identifiers

CESA-2016_2574
CVE-2016-3699
RHSA-2016:2574
RHSA-2016:2584
RHSA-2016_2574
RHSA-2016_2584

Affected Products

CentOS
Linux Kernel
Red Hat
Red Hat Enterprise MRG