CVE-2016-3699

CWE-264CWE-3586 documents6 sources
Severity
7.4HIGH
EPSS
0.0%
top 86.70%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Redhat Enterprise MRGRedhat Linux
Timeline
PublishedOct 7
Latest updateMay 13

Description

The Linux kernel, as used in Red Hat Enterprise Linux 7.2 and Red Hat Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended Secure Boot restrictions and execute untrusted code by appending ACPI tables to the initrd.

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 1.4 | Impact: 5.9

Affected Packages2 packages

NVDredhat/linux7.2

Patches

Patch: bugzilla.redhat.comPatch: bugzilla.redhat.com

🔴Vulnerability Details

2
GHSA
GHSA-pv5f-x9r7-h4c8: The Linux kernel, as used in Red Hat Enterprise Linux 72022-05-13
CVEList
CVE-2016-3699: The Linux kernel, as used in Red Hat Enterprise Linux 72016-10-07

📋Vendor Advisories

2
Red Hat
kernel: ACPI table override allowed when securelevel is enabled2016-03-05
Debian
CVE-2016-3699: linux - The Linux kernel, as used in Red Hat Enterprise Linux 7.2 and Red Hat Enterprise...2016

💬Community

1
Bugzilla
CVE-2016-3699 kernel: ACPI table override allowed when securelevel is enabled2016-04-22
CVE-2016-3699 (HIGH CVSS 7.4) | The Linux kernel | cvebase.io