CVE-2016-10905

An issue was discovered in fs/gfs2/rgrp.c in the Linux kernel before 4.8. A use-after-free is caused by the functions gfs2_clear_rgrpd and read_rindex_entry.

From the Ubuntu Security Team

It was discovered that a race condition existed in the GFS2 file system in the Linux kernel. A local attacker could possibly use this to cause a denial of service (system crash).

Status

Show unmaintained releases

Package	Ubuntu Release	Status
linux	19.04 disco	Not affected
	18.04 LTS bionic	Not affected
	16.04 LTS xenial	Fixed 4.4.0-165.193
	14.04 LTS trusty	Ignored
linux-aws	19.04 disco	Not affected
	18.04 LTS bionic	Not affected
	16.04 LTS xenial	Fixed 4.4.0-1095.106
	14.04 LTS trusty	Ignored
linux-aws-hwe	19.04 disco	Not in release
	18.04 LTS bionic	Not in release
	16.04 LTS xenial	Not affected
	14.04 LTS trusty	Not in release
linux-azure	19.04 disco	Not affected
	18.04 LTS bionic	Not affected
	16.04 LTS xenial	Not affected
	14.04 LTS trusty	Ignored
linux-azure-edge	19.04 disco	Not in release
	18.04 LTS bionic	Not affected
	16.04 LTS xenial	Not affected
	14.04 LTS trusty	Not in release
linux-gcp	19.04 disco	Not affected
	18.04 LTS bionic	Not affected
	16.04 LTS xenial	Not affected
	14.04 LTS trusty	Not in release
linux-gcp-edge	19.04 disco	Not in release
	18.04 LTS bionic	Not affected
	16.04 LTS xenial	Not in release
	14.04 LTS trusty	Not in release
linux-gke-4.15	19.04 disco	Not in release
	18.04 LTS bionic	Not affected
	16.04 LTS xenial	Not in release
	14.04 LTS trusty	Not in release
linux-gke-5.0	19.04 disco	Not in release
	18.04 LTS bionic	Not affected
	16.04 LTS xenial	Not in release
	14.04 LTS trusty	Not in release
linux-hwe	19.04 disco	Not in release
	18.04 LTS bionic	Not affected
	16.04 LTS xenial	Not affected
	14.04 LTS trusty	Not in release
linux-hwe-edge	19.04 disco	Not in release
	18.04 LTS bionic	Not affected
	16.04 LTS xenial	Not affected
	14.04 LTS trusty	Not in release
linux-kvm	19.04 disco	Not affected
	18.04 LTS bionic	Not affected
	16.04 LTS xenial	Fixed 4.4.0-1059.66
	14.04 LTS trusty	Not in release
linux-lts-trusty	19.04 disco	Not in release
	18.04 LTS bionic	Not in release
	16.04 LTS xenial	Not in release
	14.04 LTS trusty	Not in release
linux-lts-xenial	19.04 disco	Not in release
	18.04 LTS bionic	Not in release
	16.04 LTS xenial	Not in release
	14.04 LTS trusty	Ignored
linux-oem	19.04 disco	Not affected
	18.04 LTS bionic	Not affected
	16.04 LTS xenial	Ignored
	14.04 LTS trusty	Not in release
linux-oracle	19.04 disco	Not affected
	18.04 LTS bionic	Not affected
	16.04 LTS xenial	Not affected
	14.04 LTS trusty	Not in release
linux-raspi2	19.04 disco	Not affected
	18.04 LTS bionic	Not affected
	16.04 LTS xenial	Fixed 4.4.0-1123.132
	14.04 LTS trusty	Not in release
linux-snapdragon	19.04 disco	Not affected
	18.04 LTS bionic	Fixed 4.15.0-1053.57
	16.04 LTS xenial	Fixed 4.4.0-1127.135
	14.04 LTS trusty	Not in release

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
linux	Introduced by c1ac539, fixed by 36e4ad0

Severity score breakdown

Parameter	Value
Base score	7.8 · High
Attack vector	Local
Attack complexity	Low
Privileges required	Low
User interaction	None
Scope	Unchanged
Confidentiality	High
Integrity impact	High
Availability impact	High
Vector	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References

Related Ubuntu Security Notices (USN)

USN-4145-1
Linux kernel vulnerabilities
1 October 2019