Description
A flaw was found in the Linux kernel's keyring handling code, where in
key_reject_and_link() an uninitialized variable would eventually lead to
arbitrary free address which could allow attacker to use a use-after-free style
attack. (CVE-2016-4470, Important)
* A heap-based buffer overflow vulnerability was found in the Linux kernel's
hiddev driver. This flaw could allow a local attacker to corrupt kernel memory,
possible privilege escalation or crashing the system. (CVE-2016-5829, Moderate)