CVE-2016-2085
MEDIUMLinux kernel <4.5 - Info Disclosure
Title source: llmDescription
The evm_verify_hmac function in security/integrity/evm/evm_main.c in the Linux kernel before 4.5 does not properly copy data, which makes it easier for local users to forge MAC values via a timing side-channel attack.
References (13)
Scores
CVSS v3
5.5
EPSS
0.0007
EPSS Percentile
21.7%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Classification
CWE
CWE-19
Status
draft
Affected Products (1)
linux/linux_kernel
< 4.4.8
Timeline
Published
Apr 27, 2016
Tracked Since
Feb 18, 2026