CVE-2026-6893

Red Hat · dracut

A command injection vulnerability in dracut's legacy DHCP path allows remote attackers on an adjacent network to execute code as root within the initramfs.

Executive summary

A high-severity command injection flaw in dracut allows unauthenticated attackers on an adjacent network to achieve root code execution during the system initialization process.

Vulnerability

This is a command injection vulnerability located in the legacy DHCP path of dracut. An attacker on an adjacent network can supply specially crafted DHCP options that are improperly handled, resulting in root-level code execution within the initramfs environment.

Business impact

The CVSS score of 8.8 reflects the high severity of this flaw, as it grants an attacker root access during the early stages of the boot process. This can lead to total system compromise, including the ability to bypass security controls, persist across reboots, and access encrypted data.

Remediation

Immediate Action: Apply the vendor-provided security patches for dracut as detailed in the official Red Hat security advisory.

Proactive Monitoring: Monitor network traffic for suspicious DHCP activity and review system logs for anomalies occurring during the boot sequence.

Compensating Controls: Restrict physical and network access to the local segment to prevent unauthorized devices from interacting with the DHCP service.
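To support the monitoring recommendation above, the following added example (not part of the advisory or of dracut) walks the options field of a captured DHCP reply in RFC 2132 type-length-value encoding and flags text options that contain shell metacharacters or control bytes. The set of options inspected and the character list are assumptions, since the advisory does not name the affected options; the input is the options field after the BOOTP magic cookie.

```python
import re

# Text-valued options that boot scripts commonly consume. The advisory does not
# say which options are involved, so this selection is an assumption.
TEXT_OPTIONS = {12: "host-name", 15: "domain-name", 17: "root-path", 67: "bootfile-name"}
# Bytes with special meaning to a POSIX shell, plus whitespace and control bytes.
SUSPICIOUS = re.compile(rb"[;&|`$(){}<>\\'\"\s\x00-\x1f\x7f]")

def parse_options(buf):
    """Yield (code, value) pairs from a DHCP options field (RFC 2132 TLV)."""
    i = 0
    while i < len(buf):
        code = buf[i]
        if code == 0:            # pad option: single byte, no length
            i += 1
            continue
        if code == 255:          # end option: stop parsing
            return
        if i + 1 >= len(buf):
            raise ValueError("truncated option header")
        length = buf[i + 1]
        value = buf[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} truncated")
        yield code, value
        i += 2 + length

def flag_options(buf):
    """Return (option-name, raw-value) for every text option worth a look."""
    findings = []
    try:
        for code, value in parse_options(buf):
            if code in TEXT_OPTIONS and SUSPICIOUS.search(value):
                findings.append((TEXT_OPTIONS[code], value))
    except ValueError as exc:    # malformed replies are themselves an anomaly
        findings.append(("malformed", str(exc).encode()))
    return findings

def opt(code, value):
    """Helper for building the constructed samples below."""
    return bytes([code, len(value)]) + value

# Constructed sample option fields (not captured traffic).
CLEAN = opt(53, b"\x05") + opt(12, b"node1") + opt(15, b"example.test") + b"\xff"
ODD = opt(53, b"\x05") + opt(12, b"node1;x") + opt(15, b"example.test") + b"\xff"

if __name__ == "__main__":
    print("clean:", flag_options(CLEAN))
    print("odd:  ", flag_options(ODD))
```

A hit is a triage signal rather than proof of an attack; tune the option set and character list to what the local DHCP servers legitimately send.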

Exploitation status

Public Exploit Available: false

Analyst recommendation

This vulnerability is particularly dangerous as it occurs during system startup. Administrators must apply the latest patches provided by Red Hat immediately. Until patching is complete, ensure that only trusted devices are connected to the network segment to mitigate the risk of adjacent network attacks.