A flaw was found in the Linux kernel's function path_openat(), which would incorrectly clear up twice (as part of path_lookupat() called by
do_tmpfile()). Doing so again can lead to a double fput(). This can lead to a use-after-free condition.
Introduced in this commit:
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 1250048]
According to this, this bug affects only 3.19 and 4.0 kernel versions:
This issue does not affect any shipping versions of Red Hat Enterprise Linux kernels. The patch causing the incorrect "double put" condition is not applied to any shipping kernel.
Updated, now this should be a little clearer.