Description
* A flaw was found in the Linux kernel's keyring handling code, where in
key_reject_and_link() an uninitialised variable would eventually lead to an
arbitrary address being freed, which could allow an attacker to mount a
use-after-free style attack. (CVE-2016-4470, Important)
* The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through
4.3.3 attempts to merge distinct setattr operations, which allows local users to
bypass intended access restrictions and modify the attributes of arbitrary
overlay files via a crafted application. (CVE-2015-8660, Moderate)