CVE-2016-3699

Опубликовано: 05 мар. 2016

Источник: redhat

CVSS2: 3.3

Описание

The Linux kernel, as used in Red Hat Enterprise Linux 7.2 and Red Hat Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended Secure Boot restrictions and execute untrusted code by appending ACPI tables to the initrd.

Отчет

This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 and 6 as the code with the flaw is not present in the products listed. This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and MRG-2. Future Linux kernel updates for the respective releases might address this issue.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 5	kernel	Not affected
Red Hat Enterprise Linux 6	kernel	Not affected
Red Hat Enterprise MRG 2	realtime-kernel	Affected
Red Hat Enterprise Linux 7	kernel-rt	Fixed	RHSA-2016:2584	03.11.2016
Red Hat Enterprise Linux 7	kernel	Fixed	RHSA-2016:2574	03.11.2016

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-358

https://bugzilla.redhat.com/show_bug.cgi?id=1329653kernel: ACPI table override allowed when securelevel is enabled

3.3 Low

CVSS2

Связанные уязвимости

CVE-2016-3699

CVSS3: 7.4

ubuntu

больше 8 лет назад

CVE-2016-3699

CVSS3: 7.4

nvd

больше 8 лет назад

CVE-2016-3699

CVSS3: 7.4

debian

больше 8 лет назад

The Linux kernel, as used in Red Hat Enterprise Linux 7.2 and Red Hat ...

GHSA-pv5f-x9r7-h4c8

CVSS3: 7.4

github

около 3 лет назад

ELSA-2016-3645

oracle-oval

больше 8 лет назад

ELSA-2016-3645: Unbreakable Enterprise kernel security update (IMPORTANT)

3.3 Low

CVSS2