CVE-2016-10088 log
| Source |
|
| Severity | High |
| Remote | No |
| Type | Privilege escalation |
| Description | The sg implementation in the Linux kernel through 4.9 does not properly restrict write operations in situations where the KERNEL_DS option is set, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device, related to block/bsg.c and drivers/scsi/sg.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9576. |
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-190 | linux-lts | 4.4.1-1 | 4.4.41-1 | High | Fixed | |
| AVG-186 | linux-zen | 4.9.8-1 | 4.9.11-2 | High | Fixed | |
| AVG-178 | linux | 4.9.8-1 | 4.9.11-1 | High | Fixed |
| Date | Advisory | Group | Package | Severity | Type |
|---|---|---|---|---|---|
| 22 Feb 2017 | ASA-201702-18 | AVG-186 | linux-zen | High | multiple issues |
| 22 Feb 2017 | ASA-201702-17 | AVG-178 | linux | High | multiple issues |