Vulnerability CVE-2016-8637


Published: 2018-08-01

Description:
A local information disclosure issue was found in dracut before 045 when generating initramfs images with world-readable permissions when 'early cpio' is used, such as when including microcode updates. Local attacker can use this to obtain sensitive information from these files, such as encryption keys or credentials.

Type:

CWE-200

(Information Exposure)

CVSS2 => (AV:L/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
2.1/10
2.9/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None
Affected software
Dracut project -> Dracut 

 References:
http://seclists.org/oss-sec/2016/q4/352
http://www.securityfocus.com/bid/94128
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8637
https://github.com/dracutdevs/dracut/commit/0db98910a11c12a454eac4c8e86dc7a7bbc764a4

Copyright 2024, cxsecurity.com

 

Back to Top