CVE-2016-8637
CVSS 3.1: 7.8 (HIGH)
EPSS: 0.07%
Description
A local information disclosure issue was found in dracut before 045: initramfs images are generated with world-readable permissions when 'early cpio' is used, such as when including microcode updates. A local attacker can use this to obtain sensitive information from these files, such as encryption keys or credentials.
How to fix CVE-2016-8637
To remediate CVE-2016-8637, upgrade the affected package to a fixed version below.
- Debian/dracut: upgrade to 044+189-1 or later
Is CVE-2016-8637 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 044+189-1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.8 | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |