Vulnerability Description
The Linux kernel, as used in Red Hat Enterprise Linux 7.2 and Red Hat Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended Secure Boot restrictions and execute untrusted code by appending ACPI tables to the initrd.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | - |
| Redhat | Enterprise Mrg | 2.0 |
| Redhat | Linux | 7.2 |
Related Weaknesses (CWE)
References
- http://rhn.redhat.com/errata/RHSA-2016-2574.html
- http://rhn.redhat.com/errata/RHSA-2016-2584.html
- http://www.openwall.com/lists/oss-security/2016/09/22/4 (Third Party Advisory)
- http://www.securityfocus.com/bid/93114 (Broken Link)
- https://bugzilla.redhat.com/show_bug.cgi?id=1329653 (Issue Tracking, Patch, Third Party Advisory)
- https://github.com/mjg59/linux/commit/a4a5ed2835e8ea042868b7401dced3f517cafa76 (Exploit)
FAQ
What is CVE-2016-3699?
CVE-2016-3699 is a vulnerability with a CVSS score of 7.4 (HIGH). The Linux kernel, as used in Red Hat Enterprise Linux 7.2 and Red Hat Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended Secure Boot restrictions and...
How severe is CVE-2016-3699?
CVE-2016-3699 has been rated HIGH with a CVSS base score of 7.4/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2016-3699?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Redhat Enterprise Mrg, Redhat Linux.