SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)

Download | Alert*

CVE

CVE-2016-3699

The Linux kernel, as used in Red Hat Enterprise Linux 7.2 and Red Hat Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended Secure Boot restrictions and execute untrusted code by appending ACPI tables to the initrd.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:		CVSS V2 Severity:
CVSS Score : 7.4		CVSS Score : 6.9
Exploit Score: 1.4		Exploit Score: 3.4
Impact Score: 5.9		Impact Score: 10.0

CVSS V3 Metrics:		CVSS V2 Metrics:
Attack Vector: LOCAL		Access Vector: LOCAL
Attack Complexity: HIGH		Access Complexity: MEDIUM
Privileges Required: NONE		Authentication: NONE
User Interaction: NONE		Confidentiality: COMPLETE
Scope: UNCHANGED		Integrity: COMPLETE
Confidentiality: HIGH		Availability: COMPLETE
Integrity: HIGH
Availability: HIGH

Reference:

BID-93114

RHSA-2016:2574

RHSA-2016:2584

http://www.openwall.com/lists/oss-security/2016/09/22/4

https://bugzilla.redhat.com/show_bug.cgi?id=1329653

https://github.com/mjg59/linux/commit/a4a5ed2835e8ea042868b7401dced3f517cafa76


30430



423868



247621



909



194512



282