ALAS-2017-786 ---- kernel perfID: oval:org.secpod.oval:def:1600494 | Date: (C)2017-01-27 (M)2023-12-20 |
Class: PATCH | Family: unix |
The sg implementation in the Linux kernel did not properly restrict write operations in situations where the KERNEL_DS option is set, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service by leveraging access to a /dev/sg device, related to block/bsg.c and drivers/scsi/sg.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9576 .
Platform: |
Amazon Linux AMI |