CVE-2016-8637
 
Severity Score
7.8
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
2
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
A local information disclosure issue was found in dracut before 045: initramfs images are generated with world-readable permissions when 'early cpio' is used, such as when including microcode updates. A local attacker can use this to obtain sensitive information from these files, such as encryption keys or credentials.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2016-10-12 CVE Reserved
- 2018-08-01 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
- CWE-732: Incorrect Permission Assignment for Critical Resource
CAPEC
References (4)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/94128 | Third Party Advisory | |

URL | Date | SRC |
---|---|---|
http://seclists.org/oss-sec/2016/q4/352 | 2024-08-06 | |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8637 | 2024-08-06 | |
https://github.com/dracutdevs/dracut/commit/0db98910a11c12a454eac4c8e86dc7a7bbc764a4 | 2023-02-12 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Dracut Project | Dracut | < 045 | - | Affected |