Knowledge Library
Knowledge Library Home
Knowledge Library Home Knowledge Library Products Operating Systems Wind River Linux Wind River Linux 7 Toolchain & Build System LIN7-10140 : Security Advisory - dracut - CVE-2016-8637

LIN7-10140 : Security Advisory - dracut - CVE-2016-8637

Table of contents
Defect #: LIN7-10140
Found In Version7.0.0.28
Fix Version7.0.0.29
Severity:Standard
Status:Fixed
Created Date:08/15/2018
Component/s :Userspace
Sub Component:dracut_git

Description

A local information disclosure issue was found in dracut before 045 when generating initramfs images with world-readable permissions when 'early cpio' is used, such as when including microcode updates. Local attacker can use this to obtain sensitive information from these files, such as encryption keys or credentials.

https://nvd.nist.gov/vuln/detail/CVE-2016-8637

Downloads


KLID_DEFECT (use as Content ID for linking):  KLID_DEFECT_56678
 
Last modified