CVE-2016-3695

Impact:
Low
Public Date:
2016-04-20
CWE:
CWE-358
Bugzilla:
1322755: CVE-2016-3695 kernel: Error injection via EINJ is allowed when securelevel is enabled

The MITRE CVE dictionary describes this issue as:

The einj_error_inject function in drivers/acpi/apei/einj.c in the Linux kernel allows local users to simulate hardware errors and consequently cause a denial of service by leveraging failure to disable APEI error injection through EINJ when securelevel is set.

Find out more about CVE-2016-3695 from the MITRE CVE dictionary dictionary and NIST NVD.

Statement

This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 and 6 as the code with the flaw is not present in the products listed.

This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and MRG-2. Future Linux kernel updates for the respective releases might address this issue.

CVSS v2 metrics

NOTE: The following CVSS v2 metrics and score provided are preliminary and subject to review.

Base Score 1.7
Base Metrics AV:L/AC:L/Au:S/C:N/I:N/A:P
Access Vector Local
Access Complexity Low
Authentication Single
Confidentiality Impact None
Integrity Impact None
Availability Impact Partial

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Affected Packages State

Platform Package State
Red Hat Enterprise MRG 2 realtime-kernel Will not fix
Red Hat Enterprise Linux 7 kernel-rt Will not fix
Red Hat Enterprise Linux 7 kernel Will not fix
Red Hat Enterprise Linux 6 kernel Not affected
Red Hat Enterprise Linux 5 kernel Not affected

Acknowledgements

Red Hat would like to thank Linn Crosetto (HP) for reporting this issue.

Last Modified

CVE description copyright © 2017, The MITRE Corporation

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.