CVE-2016-8637

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2016-8637

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-8637.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2016-8637

Downstream

DEBIAN-CVE-2016-8637

SUSE-SU-2017:0641-1

SUSE-SU-2017:0951-1

SUSE-SU-2017:2696-1

UBUNTU-CVE-2016-8637

openSUSE-SU-2024:10225-1

Related

Published

2018-08-01T13:29:00Z

Modified

2025-09-19T08:35:23.292608Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A local information disclosure issue was found in dracut before 045 when generating initramfs images with world-readable permissions when 'early cpio' is used, such as when including microcode updates. Local attacker can use this to obtain sensitive information from these files, such as encryption keys or credentials.

References

Affected packages

Git / github.com/dracutdevs/dracut

Affected ranges

Type: GIT
Repo: https://github.com/dracutdevs/dracut
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

0db98910a11c12a454eac4c8e86dc7a7bbc764a4

Affected versions

0.*

0.1

0.2

0.3

0.4

0.5

0.6

0.7

0.8

0.9

Other

002

003

004

005

006

007

008

009

010

011

012

013

014

015

016

017

018

019

020

021

022

023

024

025

026

027

028

029

030

031

032

033

034

035

036

037

038

039

040

041

042

043

044