A flaw was found in the Linux kernel SCSI subsystem, which allowed a local user to gain privileges or cause a denial of service (memory corruption and system crash) by issuing an SG_IO ioctl call while a device was being detached. This could cause a situation in which a block request could be free'd twice. An attacker could use this condition to crafted memory in the correct location which can be free'd then used again , causing memory corruption (crash) or privilege escalation. Upstream patch: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f3951a3709ff50990bf3e188c27d346792103432
This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6 and may be addressed in future updates. This issue doesn't affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5,7 and MRG-2 kernels. This has been rated as having Moderate security impact and is currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.