CVE-2016-3699
First published: Sat Mar 05 2016(Updated: )
A vulnerability was found in the RHEL7.2 kernel. When RHEL 7.2 is booted with UEFI Secure Boot enabled, securelevel is set. The kernel uses the state of securelevel to prevent userspace from inserting untrusted privileged code at runtime. The ACPI tables provided by firmware can be overwritten using the initrd. From the kernel documentation: If the ACPI_INITRD_TABLE_OVERRIDE compile option is true, it is possible to override nearly any ACPI table provided by the BIOS with an instrumented, modified one. RHEL 7.2 has CONFIG_ACPI_INITRD_TABLE_OVERRIDE kernel config option enabled, and will load ACPI tables appended to the initrd, even if booted with UEFI Secure Boot enabled and securelevel set. Upstream patch: <a href="https://github.com/mjg59/linux/commit/a4a5ed2835e8ea042868b7401dced3f517cafa76">https://github.com/mjg59/linux/commit/a4a5ed2835e8ea042868b7401dced3f517cafa76</a>
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/kernel-rt | <0:3.10.0-514.rt56.420.el7 | 0:3.10.0-514.rt56.420.el7 |
| redhat/kernel | <0:3.10.0-514.el7 | 0:3.10.0-514.el7 |
| Linux kernel | ||
| Red Hat Enterprise MRG | =2.0 | |
| Red Hat Linux | =7.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://github.com/mjg59/linux/commit/a4a5ed2835e8ea042868b7401dced3f517cafa76
- https://access.redhat.com/security/cve/CVE-2016-3699
- https://rhn.redhat.com/errata/RHSA-2016-2574.html
- https://rhn.redhat.com/errata/RHSA-2016-2584.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1329653
- https://www.cve.org/CVERecord?id=CVE-2016-3699 https://nvd.nist.gov/vuln/detail/CVE-2016-3699
- https://access.redhat.com/errata/RHSA-2016:2584
- https://access.redhat.com/errata/RHSA-2016:2574
- http://rhn.redhat.com/errata/RHSA-2016-2574.html
- http://rhn.redhat.com/errata/RHSA-2016-2584.html
- http://www.openwall.com/lists/oss-security/2016/09/22/4
- http://www.securityfocus.com/bid/93114
Frequently Asked Questions
What is the severity of CVE-2016-3699?
CVE-2016-3699 is rated as a high severity vulnerability due to its potential to allow untrusted code execution.
How do I fix CVE-2016-3699?
To fix CVE-2016-3699, you should update to the latest kernel version provided by Red Hat, such as kernel-rt 0:3.10.0-514.rt56.420.el7 or kernel 0:3.10.0-514.el7.
Which versions of Red Hat are affected by CVE-2016-3699?
CVE-2016-3699 affects RHEL 7.2 and its specific kernel versions.
What does CVE-2016-3699 impact?
CVE-2016-3699 impacts the kernel's handling of UEFI Secure Boot and could allow unauthorized kernel modifications.
Is CVE-2016-3699 specific to certain architectures?
CVE-2016-3699 is not architecture-specific and affects the Linux kernel across supported platforms.
- collector/redhat-cve
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/last-modified-date
- agent/weakness
- agent/author
- agent/severity
- agent/references
- agent/event
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2016-3699
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- package-manager/redhat
- vendor/linux
- canonical/linux kernel
- vendor/redhat
- canonical/red hat enterprise mrg
- version/red hat enterprise mrg/2.0
- canonical/red hat linux
- version/red hat linux/7.2