Description
* A flaw was found in the Linux kernel's keyring handling code, where in
key_reject_and_link() an uninitialised variable would eventually lead to
an arbitrary address being freed, which could allow an attacker to mount a
use-after-free style attack. (CVE-2016-4470, Important)
* A flaw was found in the way certain interfaces of the Linux kernel's
Infiniband subsystem used write() as a bi-directional ioctl() replacement,
which could lead to insufficient memory security checks when being invoked
using the splice() system call. A local unprivileged user on a system with
either Infiniband hardware present or the RDMA Userspace Connection Manager
Access module explicitly loaded could use this flaw to escalate their
privileges on the system. (CVE-2016-4565, Important)
* A flaw was found in the implementation of the Linux kernel's handling of
networking challenge ACKs, where an attacker is able to determine the shared
counter, which could be used to determine sequence numbers for TCP stream
injection. (CVE-2016-5696, Important)
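
The Infiniband item (CVE-2016-4565) applies only where Infiniband hardware is present or the RDMA Userspace Connection Manager Access module is loaded. The script below is an added example, not part of the advisory, that checks those two preconditions on a host. The module name `rdma_ucm` and the sysfs path `/sys/class/infiniband` are assumptions not stated in the advisory text, and the script does not tell you whether the running kernel is patched.

```shell
#!/bin/sh
# Added example: checks only the two preconditions the advisory names for
# CVE-2016-4565. Assumed names (not in the advisory): module "rdma_ucm",
# device directory /sys/class/infiniband.

# True if rdma_ucm is listed in a /proc/modules-format file (exact name match).
rdma_ucm_loaded() {
    [ -r "$1" ] && awk '$1 == "rdma_ucm" { found = 1 } END { exit !found }' "$1"
}

# True if the given sysfs class directory holds at least one device entry.
ib_device_present() {
    [ -d "$1" ] || return 1
    for dev in "$1"/*; do
        [ -e "$dev" ] && return 0
    done
    return 1
}

# Prints one line stating which precondition, if any, holds on this host.
# Optional arguments override the two paths (useful for offline images).
cve_2016_4565_precondition() {
    modules="${1:-/proc/modules}"
    ibdir="${2:-/sys/class/infiniband}"
    hw=no
    mod=no
    ib_device_present "$ibdir" && hw=yes
    rdma_ucm_loaded "$modules" && mod=yes
    if [ "$hw" = yes ] || [ "$mod" = yes ]; then
        echo "precondition-met hardware=$hw rdma_ucm=$mod"
    else
        echo "precondition-not-met hardware=no rdma_ucm=no"
    fi
}

cve_2016_4565_precondition "$@"
```

Hosts reporting `precondition-met` are the ones to prioritise for the kernel update for this item; the other two items do not depend on these conditions.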