ALT-PU-2016-1843-1
Package kernel-image-un-def updated to version 4.6.6-alt1 for branch sisyphus in task 168551.
Closed vulnerabilities
Published: 2016-11-16
Modified: 2025-04-12
Modified: 2025-04-12
CVE-2016-7911
Race condition in the get_task_ioprio function in block/ioprio.c in the Linux kernel before 4.6.6 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted ioprio_get system call.
Severity: CRITICAL (9.3)Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Severity: HIGH (7.8)Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8ba8682107ee2ca3347354e018865d8e1967c5f4
- http://source.android.com/security/bulletin/2016-11-01.html
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.6.6
- http://www.securityfocus.com/bid/94135
- https://github.com/torvalds/linux/commit/8ba8682107ee2ca3347354e018865d8e1967c5f4
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8ba8682107ee2ca3347354e018865d8e1967c5f4
- http://source.android.com/security/bulletin/2016-11-01.html
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.6.6
- http://www.securityfocus.com/bid/94135
- https://github.com/torvalds/linux/commit/8ba8682107ee2ca3347354e018865d8e1967c5f4