Bug 1392056 (CVE-2016-8637) - CVE-2016-8637 dracut: Local information disclosure of initramfs when early cpio is used
Summary: CVE-2016-8637 dracut: Local information disclosure of initramfs when early cp...
Alias: CVE-2016-8637
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
Depends On: 1392435 1393912
Blocks: 1392057
TreeView+ depends on / blocked
Reported: 2016-11-04 16:49 UTC by Adam Mariš
Modified: 2021-02-17 03:04 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
: 1393912 (view as bug list)
Last Closed: 2019-06-08 03:01:50 UTC

Attachments (Terms of Use)
Proposed patch (1022 bytes, patch)
2016-11-04 16:52 UTC, Adam Mariš
no flags Details | Diff

Description Adam Mariš 2016-11-04 16:49:46 UTC
A local information disclosure issue was found in dracut when generating initramfs images with world-readable permissions when "early cpio" is used, such as when including microcode updates. Local attacker can use this to obtain sensitive information from these files, such as encryption keys or credentials.

Vulnerable code:

if [[ $create_early_cpio = yes ]]; then
    echo 1 > "$early_cpio_dir/d/early_cpio"
    # The microcode blob is _before_ the initramfs blob, not after
    (cd "$early_cpio_dir/d";     find . -print0 | cpio --null $cpio_owner_root -H newc -o --quiet > $outfile)
if ! ( umask 077; cd "$initdir"; find . -print0 | cpio --null $cpio_owner_root -H newc -o --quiet | \
    $compress >> "$outfile"; ); then
    dfatal "dracut: creation of $outfile failed"
    exit 1

The permissions of the output file depend on umask at creation time, and appending to an existing file does not change them. create_early_cpio is set to on when microcode updates are being used.

Comment 1 Adam Mariš 2016-11-04 16:49:52 UTC

Name: Andreas Stieger (SUSE Security Team)

Comment 2 Adam Mariš 2016-11-04 16:52:15 UTC
Created attachment 1217453 [details]
Proposed patch

Comment 4 Andrej Nemec 2016-11-07 13:53:43 UTC
Created dracut tracking bugs for this issue:

Affects: fedora-all [bug 1392435]

Comment 5 Andrej Nemec 2016-11-07 13:53:55 UTC
Public via:


Note You need to log in before you can comment on or make changes to this bug.