Sensitive Information Uncleared Before Release Affecting dracut package, versions <0:033-502.el7_4.1
Snyk CVSS
Attack Complexity
High
Scope
Changed
Confidentiality
High
Threat Intelligence
EPSS
97.52% (100th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-CENTOS7-DRACUT-2029133
- published 26 Jul 2021
- disclosed 3 Jan 2018
How to fix?
Upgrade Centos:7
dracut
to version 0:033-502.el7_4.1 or higher.
NVD Description
Note: Versions mentioned in the description apply only to the upstream dracut
package and not the dracut
package as distributed by Centos
.
See How to fix?
for Centos:7
relevant fixed versions and status.
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
References
- BID
- BUGTRAQ
- BUGTRAQ
- CERT-VN
- CERT-VN
- CISCO
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CVE-2017-5715
- DEBIAN
- DEBIAN
- DEBIAN
- DEBIAN
- EXPLOIT-DB
- FREEBSD
- FREEBSD
- GENTOO
- MISC
- MISC
- MISC
- MISC
- MISC
- MISC
- MLIST
- MLIST
- MLIST
- MLIST
- MLIST
- MLIST
- MLIST
- RHBA-2018:0042
- SECTRACK
- SUSE
- SUSE
- SUSE
- SUSE
- SUSE
- SUSE
- SUSE
- SUSE
- SUSE
- SUSE
- SUSE
- SUSE
- UBUNTU
- UBUNTU
- UBUNTU
- UBUNTU
- UBUNTU
- UBUNTU
- UBUNTU
- UBUNTU
- UBUNTU
- UBUNTU
- UBUNTU
- UBUNTU
- UBUNTU
- UBUNTU
- UBUNTU
- UBUNTU
- UBUNTU
- UBUNTU
- UBUNTU
- UBUNTU