Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2016-8637

A local information disclosure issue was found in dracut before 045 when generating initramfs images with world-readable permissions when 'early cpio' is used, such as when including microcode updates. Local attacker can use this to obtain sensitive information from these files, such as encryption keys or credentials.

Published

2018-08-01T13:29:00.263

Last Modified

2024-11-21T02:59:44.207

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 5.0 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

3.9

Impact Score

2.9

Weaknesses

Type: Primary
CWE-732
Type: Secondary
CWE-200

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	dracut_project	dracut	< 045	Yes

References

http://seclists.org/oss-sec/2016/q4/352 Exploit, Mailing List, Third Party Advisory ([email protected])
http://www.securityfocus.com/bid/94128 Third Party Advisory, VDB Entry ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8637 Exploit, Issue Tracking, Third Party Advisory ([email protected])
https://github.com/dracutdevs/dracut/commit/0db98910a11c12a454eac4c8e86dc7a7bbc764a4 Patch, Third Party Advisory ([email protected])
http://seclists.org/oss-sec/2016/q4/352 Exploit, Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/94128 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8637 Exploit, Issue Tracking, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/dracutdevs/dracut/commit/0db98910a11c12a454eac4c8e86dc7a7bbc764a4 Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)