CVE-2016-10088 log

Source
Severity High
Remote No
Type Privilege escalation
Description
The sg implementation in the Linux kernel through 4.9 does not properly restrict write operations in situations where the KERNEL_DS option is set, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device, related to block/bsg.c and drivers/scsi/sg.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9576.
Group Package Affected Fixed Severity Status Ticket
AVG-190 linux-lts 4.4.1-1 4.4.41-1 High Fixed
AVG-186 linux-zen 4.9.8-1 4.9.11-2 High Fixed
AVG-178 linux 4.9.8-1 4.9.11-1 High Fixed
Date Advisory Group Package Severity Type
22 Feb 2017 ASA-201702-18 AVG-186 linux-zen High multiple issues
22 Feb 2017 ASA-201702-17 AVG-178 linux High multiple issues