CVE-2016-8637
Published: 1 August 2018
A local information disclosure issue was found in dracut before 045 when generating initramfs images with world-readable permissions when 'early cpio' is used, such as when including microcode updates. Local attacker can use this to obtain sensitive information from these files, such as encryption keys or credentials.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
dracut Launchpad, Ubuntu, Debian |
artful |
Ignored
(end of life)
|
| bionic |
Not vulnerable
(044+189-1)
|
|
| cosmic |
Not vulnerable
(044+189-1)
|
|
| disco |
Not vulnerable
(044+189-1)
|
|
| eoan |
Not vulnerable
(044+189-1)
|
|
| focal |
Not vulnerable
(044+189-1)
|
|
| groovy |
Not vulnerable
(044+189-1)
|
|
| hirsute |
Not vulnerable
(044+189-1)
|
|
| impish |
Not vulnerable
(044+189-1)
|
|
| jammy |
Not vulnerable
(044+189-1)
|
|
| kinetic |
Not vulnerable
(044+189-1)
|
|
| lunar |
Not vulnerable
(044+189-1)
|
|
| mantic |
Not vulnerable
(044+189-1)
|
|
| precise |
Ignored
(end of life)
|
|
| trusty |
Does not exist
(trusty was not-affected [code not present])
|
|
| upstream |
Needs triage
|
|
| xenial |
Needed
|
|
| yakkety |
Ignored
(end of life)
|
|
| zesty |
Ignored
(end of life)
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 7.8 |
| Attack vector | Local |
| Attack complexity | Low |
| Privileges required | Low |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |