Ubuntu.comUB:CVE-2016-3695CVE-2016-3695
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:N/I:N/A:P
0.0004 Low
EPSS
Percentile
5.3%
The einj_error_inject function in drivers/acpi/apei/einj.c in the Linux
kernel allows local users to simulate hardware errors and consequently
cause a denial of service by leveraging failure to disable APEI error
injection through EINJ when securelevel is set.
Notes
| Author | Note |
|---|---|
| sbeattie | looks like it’s finally getting traction upstream debian incorporated this patch in their secureboot kernel it’s possible we will want/get CVEs for other issues addressed in the patch series containing this fix. still unfixed as of 2017-10-12 |
| tyhicks | This CVE was assigned against an out-of-tree patch series. The Ubuntu kernel carries the patch series in Bionic and newer releases. |
References
github.com/mjg59/linux/commit/d7a6be58edc01b1c66ecd8fcc91236bfbce0a420
launchpad.net/bugs/cve/CVE-2016-3695
nvd.nist.gov/vuln/detail/CVE-2016-3695
security-tracker.debian.org/tracker/CVE-2016-3695
www.cve.org/CVERecord?id=CVE-2016-3695
www.mail-archive.com/[email protected]/msg1370944.html
www.mail-archive.com/[email protected]/msg1371076.html
Related
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:N/I:N/A:P
0.0004 Low
EPSS
Percentile
5.3%