CVE-2016-6349

low

Published 2017-03-29 · Modified 2026-05-13

CVSS v3

3.3

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CVSS v2

2.1

VIR risk

3.3

Description

The machinectl command in oci-register-machine allows local users to list running containers and possibly obtain sensitive information by running that command.

Predictions

Exploit likelihood

34%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2016-6349.html

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://github.com/projectatomic/oci-register-machine/pull/22

OS impact

OS	Version	Status	Fixed in
sles		affected

Application impact

Vendor	Product	Versions	Fixed
projectatomic	oci-register-machine	`-`

References

http://www.openwall.com/lists/oss-security/2016/07/26/9
http://www.openwall.com/lists/oss-security/2016/10/13/7
http://www.securityfocus.com/bid/92143
https://bugzilla.redhat.com/show_bug.cgi?id=1360634
https://github.com/projectatomic/oci-register-machine/pull/22
https://www.suse.com/security/cve/CVE-2016-6349.html

CWEs

CWE-200

Verify integrity in audit chain (admin only). AS-IS.