Note:
This project will be discontinued after December 13, 2021. [more]
2015-11-16
Multiple race conditions in the Advanced Union Filesystem (aufs) aufs3-mmap.patch and aufs4-mmap.patch patches for the Linux kernel 3.x and 4.x allow local users to cause a denial of service (use-after-free and BUG) or possibly gain privileges via a (1) madvise or (2) msync system call, related to mm/madvise.c and mm/msync.c.
| Products | Ubuntu_linux, Debian_linux, Linux_kernel |
| Type | Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') (CWE-362) Use After Free (CWE-416) |
| First patch | - None (likely due to unavailable code) |
| Links |
• http://sourceforge.net/p/aufs/mailman/message/34449209/
• http://www.ubuntu.com/usn/USN-2777-1 • http://www.openwall.com/lists/oss-security/2015/09/22/10 • http://www.debian.org/security/2015/dsa-3364 |