CVE-2016-3699

high

Description

The Linux kernel, as used in Red Hat Enterprise Linux 7.2 and Red Hat Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended Secure Boot restrictions and execute untrusted code by appending ACPI tables to the initrd.

References

Advisories
More

https://bugzilla.redhat.com/show_bug.cgi?id=1329653

http://www.openwall.com/lists/oss-security/2016/09/22/4

http://rhn.redhat.com/errata/RHSA-2016-2584.html

http://rhn.redhat.com/errata/RHSA-2016-2574.html

Details

Source: Mitre, NVD

Published: 2016-10-07

Updated: 2025-04-12

Risk Information

CVSS v2

Base Score: 6.9

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 7.4

Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00038