First published: Mon Aug 19 2019(Updated: )
An issue was discovered in drivers/net/ethernet/arc/emac_main.c in the Linux kernel before 4.5. A use-after-free is caused by a race condition between the functions arc_emac_tx and arc_emac_tx_clean.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Linux Linux kernel | <4.5 | |
ubuntu/linux | <4.5~ | 4.5~ |
ubuntu/linux | <4.4.0-166.195 | 4.4.0-166.195 |
ubuntu/linux-aws | <4.4.0-1056.60 | 4.4.0-1056.60 |
ubuntu/linux-aws | <4.5~ | 4.5~ |
ubuntu/linux-aws | <4.4.0-1096.107 | 4.4.0-1096.107 |
ubuntu/linux-aws-hwe | <4.5~ | 4.5~ |
ubuntu/linux-azure | <4.5~ | 4.5~ |
ubuntu/linux-azure-edge | <4.5~ | 4.5~ |
ubuntu/linux-gcp | <4.5~ | 4.5~ |
ubuntu/linux-gcp-edge | <4.5~ | 4.5~ |
ubuntu/linux-gke-4.15 | <4.5~ | 4.5~ |
ubuntu/linux-gke-5.0 | <4.5~ | 4.5~ |
ubuntu/linux-hwe | <4.5~ | 4.5~ |
ubuntu/linux-hwe-edge | <4.5~ | 4.5~ |
ubuntu/linux-kvm | <4.5~ | 4.5~ |
ubuntu/linux-kvm | <4.4.0-1060.67 | 4.4.0-1060.67 |
ubuntu/linux-lts-trusty | <4.5~ | 4.5~ |
ubuntu/linux-lts-xenial | <4.4.0-166.195~14.04.1 | 4.4.0-166.195~14.04.1 |
ubuntu/linux-lts-xenial | <4.5~ | 4.5~ |
ubuntu/linux-oem | <4.5~ | 4.5~ |
ubuntu/linux-oracle | <4.5~ | 4.5~ |
ubuntu/linux-raspi2 | <4.5~ | 4.5~ |
ubuntu/linux-raspi2 | <4.4.0-1124.133 | 4.4.0-1124.133 |
ubuntu/linux-snapdragon | <4.15.0-1053.57 | 4.15.0-1053.57 |
ubuntu/linux-snapdragon | <4.5~ | 4.5~ |
ubuntu/linux-snapdragon | <4.4.0-1128.136 | 4.4.0-1128.136 |
debian/linux | 4.19.249-2 4.19.304-1 5.10.209-2 5.10.216-1 6.1.76-1 6.1.90-1 6.7.12-1 6.8.9-1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this issue is CVE-2016-10906.
The vulnerability is a use-after-free caused by a race condition between the functions arc_emac_tx and arc_emac_tx_clean in the Linux kernel before version 4.5.
Software versions before Linux kernel version 4.5 are affected by this vulnerability.
To fix this vulnerability, update your Linux kernel to version 4.5 or later.
You can find more information about this vulnerability at the following references: [1] [2] [3].