Denial of Service Vulnerability in aufs 3.2.x+setfl-debian Patch in Linux Kernel 3.2.0-4

Denial of Service Vulnerability in aufs 3.2.x+setfl-debian Patch in Linux Kernel 3.2.0-4

CVE-2016-7118 · MEDIUM Severity

AV:L/AC:L/AU:N/C:N/I:N/A:C

fs/fcntl.c in the "aufs 3.2.x+setfl-debian" patch in the linux-image package 3.2.0-4 (kernel 3.2.81-1) in Debian wheezy mishandles F_SETFL fcntl calls on directories, which allows local users to cause a denial of service (NULL pointer dereference and system crash) via standard filesystem operations, as demonstrated by scp from an AUFS filesystem.

Learn more about our Cis Benchmark Audit For Debian Linux.