Vulnerability Name: CVE-2016-3699 (CCN-118241) Assigned: 2016-03-05 Published: 2016-03-05 Updated: 2023-02-13 Summary: The Linux kernel, as used in Red Hat Enterprise Linux 7.2 and Red Hat Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended Secure Boot restrictions and execute untrusted code by appending ACPI tables to the initrd. CVSS v3 Severity: 7.4 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 6.4 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): LocalAttack Complexity (AC): HighPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): HighIntegrity (I): HighAvailibility (A): High
7.4 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 6.4 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): LocalAttack Complexity (AC): HighPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): HighIntegrity (I): HighAvailibility (A): High
CVSS v2 Severity: 6.9 Medium (CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C Exploitability Metrics: Access Vector (AV): LocalAccess Complexity (AC): MediumAuthentication (Au): NoneImpact Metrics: Confidentiality (C): CompleteIntegrity (I): CompleteAvailibility (A): Complete
6.2 Medium (CCN CVSS v2 Vector: AV:L/AC:H/Au:N/C:C/I:C/A:C Exploitability Metrics: Access Vector (AV): LocalAccess Complexity (AC): HighAthentication (Au): NoneImpact Metrics: Confidentiality (C): CompleteIntegrity (I): CompleteAvailibility (A): Complete
3.3 Low (REDHAT CVSS v2 Vector: AV:L/AC:M/Au:N/C:N/I:P/A:P Exploitability Metrics: Access Vector (AV): LocalAccess Complexity (AC): MediumAuthentication (Au): NoneImpact Metrics: Confidentiality (C): NoneIntegrity (I): PartialAvailibility (A): Partial
Vulnerability Type: CWE-358 Vulnerability Consequences: Gain Privileges References: Source: MITRECVE-2016-3699 Important: kernel security, bug fix, and enhancement update secalert@redhat.com Important: kernel-rt security, bug fix, and enhancement update secalert@redhat.com Multiple vulnerabilities in Linux Kernel affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products IBM QRadar Network Security is affected by multiple vulnerabilities in Linux Kernel IBM Security Access Manager version 9.0.3.0 appliances are affected by multiple kernel vulnerabilities secalert@redhat.com Red Hat Enterprise Linux CVE-2016-3699 Local Security Bypass Vulnerability (CVE-2016-3699) CVE-2016-3699 kernel: ACPI table override allowed when securelevel is enabled secalert@redhat.com linux-kernel-cve20163699-priv-esc(118241) secalert@redhat.com CVE-2016-3699 Vulnerable Configuration: Configuration RedHat 1 :cpe:/o:redhat:enterprise_linux:7:*:*:*:*:*:*:* Configuration RedHat 2 :cpe:/o:redhat:enterprise_linux:7::client:*:*:*:*:* Configuration RedHat 3 :cpe:/o:redhat:enterprise_linux:7::computenode:*:*:*:*:* Configuration RedHat 4 :cpe:/o:redhat:enterprise_linux:7::server:*:*:*:*:* Configuration RedHat 5 :cpe:/o:redhat:enterprise_linux:7::workstation:*:*:*:*:* Configuration RedHat 6 :cpe:/a:redhat:rhel_extras_rt:7:*:*:*:*:*:*:* Configuration CCN 1 :cpe:/o:redhat:enterprise_linux:7:*:*:*:*:*:*:* AND cpe:/a:ibm:storwize_v7000_software:6.1:*:*:*:*:*:*:* OR cpe:/a:ibm:storwize_v7000_software:6.2:*:*:*:*:*:*:* OR cpe:/a:ibm:storwize_v7000_software:6.3:*:*:*:*:*:*:* OR cpe:/a:ibm:storwize_v7000_software:6.4:*:*:*:*:*:*:* OR cpe:/a:ibm:storwize_v7000_software:7.1:*:*:*:*:*:*:* OR cpe:/a:ibm:storwize_v7000_software:7.2:*:*:*:*:*:*:* OR cpe:/a:ibm:storwize_v7000_software:7.3:*:*:*:*:*:*:* OR cpe:/a:ibm:storwize_v7000_software:7.4:*:*:*:*:*:*:* OR cpe:/a:ibm:storwize_v7000_software:7.5:*:*:*:*:*:*:* OR cpe:/a:ibm:storwize_v7000_software:7.6:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux_desktop:7:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux_hpc_node:7:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux_server:7:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux_workstation:7:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux_for_real_time:7:*:*:*:*:*:*:* OR cpe:/a:ibm:storwize_v7000_software:7.6.1:*:*:*:*:*:*:* OR cpe:/a:ibm:storwize_v7000_software:7.7:*:*:*:*:*:*:* OR cpe:/a:ibm:storwize_v7000_software:7.7.1:*:*:*:*:*:*:* OR cpe:/a:ibm:storwize_v7000_software:7.8:*:*:*:*:*:*:* OR cpe:/a:ibm:storwize_v7000_software:7.8.1:*:*:*:*:*:*:* OR cpe:/a:ibm:qradar_network_security:5.4:*:*:*:*:*:*:* OR cpe:/o:ibm:security_access_manager_firmware:9.0.3:*:*:*:*:*:*:* OR cpe:/a:ibm:storwize_v7000_software:8.1:*:*:*:*:*:*:* OR cpe:/a:ibm:storwize_v7000_software:8.1.1:*:*:*:*:*:*:* Oval Definitions BACK
redhat enterprise linux 7
ibm storwize v7000 software 6.1
ibm storwize v7000 software 6.2
ibm storwize v7000 software 6.3
ibm storwize v7000 software 6.4
ibm storwize v7000 software 7.1
ibm storwize v7000 software 7.2
ibm storwize v7000 software 7.3
ibm storwize v7000 software 7.4
ibm storwize v7000 software 7.5
ibm storwize v7000 software 7.6
redhat enterprise linux desktop 7
redhat enterprise linux hpc node 7
redhat enterprise linux server 7
redhat enterprise linux workstation 7
redhat enterprise linux for real time 7
ibm storwize v7000 software 7.6.1
ibm storwize v7000 software 7.7
ibm storwize v7000 software 7.7.1
ibm storwize v7000 software 7.8
ibm storwize v7000 software 7.8.1
ibm qradar network security 5.4
ibm security access manager firmware 9.0.3
ibm storwize v7000 software 8.1
ibm storwize v7000 software 8.1.1
Denotes that component is vulnerable