[kernel-sec-discuss] r4899 - active
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Wed Feb 8 12:57:32 UTC 2017
Author: jmm
Date: 2017-02-08 12:57:31 +0000 (Wed, 08 Feb 2017)
New Revision: 4899
Added:
active/CVE-2016-10044
Log:
new aio issue
Added: active/CVE-2016-10044
===================================================================
--- active/CVE-2016-10044 (rev 0)
+++ active/CVE-2016-10044 2017-02-08 12:57:31 UTC (rev 4899)
@@ -0,0 +1,11 @@
+Description: The aio_mount function in fs/aio.c in the Linux kernel does not properly restrict execute access, which makes it easier for local users to bypass intended SELinux W^X policy restrictions, and consequently gain privileges, via an io_setup system call.
+References:
+ http://source.android.com/security/bulletin/2017-02-01.html
+Notes:
+Bugs:
+upstream: released (4.8) [22f6b4d34fcf039c63a94e7670e0da24f8575a5a]
+3.16-upstream-stable:
+3.2-upstream-stable:
+sid:
+3.16-jessie-security:
+3.2-wheezy-security:
More information about the kernel-sec-discuss
mailing list