CVE-2016-3695

Advisory lineage Upstream: 0 Downstream: 11

Downstream

DEBIAN-CVE-2016-3695 OPENSUSE-SU-2024:12697-1 OPENSUSE-SU-2024:13704-1 SUSE-SU-2022:3264-1 SUSE-SU-2022:3288-1 SUSE-SU-2022:3293-1

Modified

Published: 29 Dec 2017, 15:00

Last modified:06 Aug 2024, 00:03

Vulnerability Summary

Overall Risk (default)

low

22/100

CVSS Score

5.5 MEDIUM

v3.0 (nvd)

EPSS Score

0.06% LOW

0% probability 0.00%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

29 Dec 2017, 15:00

Published

Vulnerability first disclosed

06 Aug 2024, 00:03

Last Modified

Vulnerability information updated

Description

The einj_error_inject function in drivers/acpi/apei/einj.c in the Linux kernel allows local users to simulate hardware errors and consequently cause a denial of service by leveraging failure to disable APEI error injection through EINJ when securelevel is set.

CVSS Metrics

v3.0•MEDIUM•Score: 5.5CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
v2.0•LOW•Score: 2.1AV:L/AC:L/Au:N/C:N/I:N/A:P

EPSS Trends

Current EPSS score: 0.06%• Percentile: 18%

Techniques & Countermeasures

CWE-74•Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

Affected Systems

linux•linux_kernel
na
redhat•enterprise_linux
7.0