fix use-after-free in seq file in kernel-block CVE-2016-7910

Tracked by Jolla (In release)

asked 2017-05-03 12:55:26 +0300

this post is marked as community wiki

This post is a wiki. Anyone with karma >75 is welcome to improve it.

updated 2017-05-03 12:55:26 +0300

lpr gravatar image


Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel before 4.7.1 allows local users to gain privileges by leveraging the execution of a certain stop operation even if the corresponding start operation had failed. CVSSv3 7.8 high (attack range: remote)

Patch is available.

File affected: kernel-adaptation-sbj- lines 828-832

edit retag flag offensive close delete