CVE-2016-8637: Infoleak
First published: Wed Aug 01 2018(Updated: )
A local information disclosure issue was found in dracut before 045 when generating initramfs images with world-readable permissions when 'early cpio' is used, such as when including microcode updates. Local attacker can use this to obtain sensitive information from these files, such as encryption keys or credentials.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Dracut Project Dracut | <045 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2016-8637?
CVE-2016-8637 is considered a local information disclosure vulnerability.
How do I fix CVE-2016-8637?
To fix CVE-2016-8637, upgrade Dracut to version 045 or later.
Who is affected by CVE-2016-8637?
CVE-2016-8637 affects users of Dracut versions before 045 that generate initramfs images.
What type of information can be disclosed in CVE-2016-8637?
CVE-2016-8637 can disclose sensitive information such as encryption keys from world-readable initramfs images.
What is Dracut in the context of CVE-2016-8637?
Dracut is an application used to create initramfs images in Linux systems, and CVE-2016-8637 pertains to its improper permissions.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/last-modified-date
- agent/remedy
- agent/severity
- agent/weakness
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- vendor/dracut project
- canonical/dracut project dracut