fix use-after-free in seq file in kernel-block CVE-2016-7910 [released]

Tracked by Jolla (In release)

asked 2017-05-03 12:55:26 +0300

this post is marked as community wiki

This post is a wiki. Anyone with karma >75 is welcome to improve it.

updated 2017-05-03 12:55:26 +0300

lpr gravatar image

Description

Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel before 4.7.1 allows local users to gain privileges by leveraging the execution of a certain stop operation even if the corresponding start operation had failed. CVSSv3 7.8 high (attack range: remote)

Patch is available.

File affected: kernel-adaptation-sbj-3.4.108.20161101.1/block/genhd.c lines 828-832

edit retag flag offensive reopen delete

The question has been closed for the following reason "released in a software update" by lpr
close date 2017-06-14 18:11:33.817143

Comments

released in 2.1.1.12/Jämsänjoki

lpr ( 2017-06-14 18:11:22 +0300 )edit