CVE-2016-10088

Source
Severity High
Remote No
Type Privilege escalation
Description
The sg implementation in the Linux kernel through 4.9 does not properly restrict write operations in situations where the KERNEL_DS option is set, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device, related to block/bsg.c and drivers/scsi/sg.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9576.
Group Package Affected Fixed Severity Status Ticket
AVG-190 linux-lts 4.4.1-1 4.4.41-1 High Fixed
AVG-186 linux-zen 4.9.8-1 4.9.11-2 High Fixed
AVG-178 linux 4.9.8-1 4.9.11-1 High Fixed
Date Advisory Group Package Severity Description
22 Feb 2017 ASA-201702-18 AVG-186 linux-zen High multiple issues
22 Feb 2017 ASA-201702-17 AVG-178 linux High multiple issues