vulnerability

Debian: CVE-2016-10088: linux -- security update

Try Surface Command

Back to search

Severity

CVSS

(AV:L/AC:M/Au:N/C:C/I:C/A:C)

Published

Dec 30, 2016

Added

Mar 31, 2017

Modified

Mar 30, 2026

Description

The sg implementation in the Linux kernel through 4.9 does not properly restrict write operations in situations where the KERNEL_DS option is set, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device, related to block/bsg.c and drivers/scsi/sg.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9576.

Solution

debian-upgrade-linux

References

CVE-2016-10088
https://attackerkb.com/topics/CVE-2016-10088
CWE-416
DEBIAN-DLA-772-1
EUVD-EUVD-2016-1280
https://euvd.enisa.europa.eu/vulnerability/EUVD-2016-1280

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report