CVE-2016-8637
- EPSS 0.07%
- Published 01.08.2018 13:29:00
- Last modified 21.11.2024 02:59:44
A local information disclosure issue was found in dracut before 045 when generating initramfs images with world-readable permissions when 'early cpio' is used, such as when including microcode updates. Local attacker can use this to obtain sensitive ...
CVE-2015-0794
- EPSS 0.05%
- Published 19.11.2015 20:59:02
- Last modified 12.04.2025 10:46:40
modules.d/90crypt/module-setup.sh in the dracut package before 037-17.30.1 in openSUSE 13.2 allows local users to have unspecified impact via a symlink attack on /tmp/dracut_block_uuid.map.
CVE-2012-4453
- EPSS 0.04%
- Published 09.10.2012 23:55:05
- Last modified 11.04.2025 00:51:21
dracut.sh in dracut, as used in Red Hat Enterprise Linux 6, Fedora 16 and 17, and possibly other products, creates initramfs images with world-readable permissions, which might allow local users to obtain sensitive information.
- EPSS 0.18%
- Published 07.12.2010 22:00:02
- Last modified 11.04.2025 00:51:21
plymouth-pretrigger.sh in dracut and udev, when running on Fedora 13 and 14, sets weak permissions for the /dev/systty device file, which allows remote authenticated users to read terminal data from tty0 for local users.