CVE-2016-3699
Publication date 7 October 2016
Last updated 25 August 2025
Ubuntu priority
Description
The Linux kernel, as used in Red Hat Enterprise Linux 7.2 and Red Hat Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended Secure Boot restrictions and execute untrusted code by appending ACPI tables to the initrd.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| linux | 16.04 LTS xenial |
Not affected
|
| 14.04 LTS trusty |
Not affected
|
|
| linux-armadaxp | 16.04 LTS xenial | Not in release |
| 14.04 LTS trusty | Not in release | |
| linux-flo | 16.04 LTS xenial | Not in release |
| 14.04 LTS trusty | Not in release | |
| linux-goldfish | 16.04 LTS xenial | Not in release |
| 14.04 LTS trusty | Not in release | |
| linux-grouper | 16.04 LTS xenial | Not in release |
| 14.04 LTS trusty | Not in release | |
| linux-linaro-omap | 16.04 LTS xenial | Not in release |
| 14.04 LTS trusty | Not in release | |
| linux-linaro-shared | 16.04 LTS xenial | Not in release |
| 14.04 LTS trusty | Not in release | |
| linux-linaro-vexpress | 16.04 LTS xenial | Not in release |
| 14.04 LTS trusty | Not in release | |
| linux-lts-quantal | 16.04 LTS xenial | Not in release |
| 14.04 LTS trusty | Not in release | |
| linux-lts-raring | 16.04 LTS xenial | Not in release |
| 14.04 LTS trusty | Not in release | |
| linux-lts-saucy | 16.04 LTS xenial | Not in release |
| 14.04 LTS trusty | Not in release | |
| linux-lts-trusty | 16.04 LTS xenial | Not in release |
| 14.04 LTS trusty | Not in release | |
| linux-lts-utopic | 16.04 LTS xenial | Not in release |
| 14.04 LTS trusty | Not in release | |
| linux-lts-vivid | 16.04 LTS xenial | Not in release |
| 14.04 LTS trusty | Not in release | |
| linux-lts-wily | 16.04 LTS xenial | Not in release |
| 14.04 LTS trusty | Not in release | |
| linux-lts-xenial | 16.04 LTS xenial | Not in release |
| 14.04 LTS trusty |
Not affected
|
|
| linux-maguro | 16.04 LTS xenial | Not in release |
| 14.04 LTS trusty | Not in release | |
| linux-mako | 16.04 LTS xenial | Not in release |
| 14.04 LTS trusty | Not in release | |
| linux-manta | 16.04 LTS xenial | Not in release |
| 14.04 LTS trusty | Not in release | |
| linux-qcm-msm | 16.04 LTS xenial | Not in release |
| 14.04 LTS trusty | Not in release | |
| linux-raspi2 | 16.04 LTS xenial |
Not affected
|
| 14.04 LTS trusty | Not in release | |
| linux-snapdragon | 16.04 LTS xenial |
Not affected
|
| 14.04 LTS trusty | Not in release | |
| linux-ti-omap4 | 16.04 LTS xenial | Not in release |
| 14.04 LTS trusty | Not in release | |
Notes
jdstrand
android kernels (flo, goldfish, grouper, maguro, mako and manta) are not supported on the Ubuntu Touch 14.10 and earlier preview kernels linux-lts-saucy no longer receives official support linux-lts-quantal no longer receives official support
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
7.4 · High
|
| Attack vector | Local |
| Attack complexity | High |
| Privileges required | None |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |