CVE-2016-3699

The Linux kernel, as used in Red Hat Enterprise Linux 7.2 and Red Hat Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended Secure Boot restrictions and execute untrusted code by appending ACPI tables to the initrd.

CVSS v3.0 7.4 HIGH
CVSS v2.0 6.9 MEDIUM

7.4^/10

CVSS v3.0 : HIGH

Vector : AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability : 1.4 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.9^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 3.4 / Impact : 10.0

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://bugzilla.redhat.com/show_bug.cgi?id=1329653	Issue Tracking Patch Third Party Advisory VDB Entry
http://www.openwall.com/lists/oss-security/2016/09/22/4	Third Party Advisory
https://github.com/mjg59/linux/commit/a4a5ed2835e8ea042868b7401dced3f517cafa76	Exploit
http://www.securityfocus.com/bid/93114	Broken Link
http://rhn.redhat.com/errata/RHSA-2016-2584.html
http://rhn.redhat.com/errata/RHSA-2016-2574.html

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:redhat:linux:7.2:::::::*
	cpe:2.3:o:linux:linux_kernel:-:::::::*
	cpe:2.3:o:redhat:enterprise_mrg:2.0:::::::*

Information

Published : 2016-10-07 07:59

Updated : 2023-02-12 20:50

NVD link : CVE-2016-3699

Mitre link : CVE-2016-3699

JSON object : View

CWE

CWE-264

Permissions, Privileges, and Access Controls

Advertisement

Products Affected

redhat

enterprise_mrg
linux

linux

linux_kernel

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1329653", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1329653", "tags": ["Issue Tracking", "Patch", "Third Party Advisory", "VDB Entry"], "refsource": "CONFIRM"}, {"url": "http://www.openwall.com/lists/oss-security/2016/09/22/4", "name": "[oss-security] 20160922 kernel: ACPI table override is allowed when securelevel is enabled", "tags": ["Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://github.com/mjg59/linux/commit/a4a5ed2835e8ea042868b7401dced3f517cafa76", "name": "https://github.com/mjg59/linux/commit/a4a5ed2835e8ea042868b7401dced3f517cafa76", "tags": ["Exploit"], "refsource": "MISC"}, {"url": "http://www.securityfocus.com/bid/93114", "name": "93114", "tags": ["Broken Link"], "refsource": "BID"}, {"url": "http://rhn.redhat.com/errata/RHSA-2016-2584.html", "name": "RHSA-2016:2584", "tags": [], "refsource": "REDHAT"}, {"url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html", "name": "RHSA-2016:2574", "tags": [], "refsource": "REDHAT"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The Linux kernel, as used in Red Hat Enterprise Linux 7.2 and Red Hat Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended Secure Boot restrictions and execute untrusted code by appending ACPI tables to the initrd."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-264"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2016-3699", "ASSIGNER": "secalert@redhat.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 6.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "MEDIUM", "acInsufInfo": false, "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.4, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.4}}, "publishedDate": "2016-10-07T14:59Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:redhat:linux:7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2023-02-13T04:50Z"}