The handling of the might_cancel queueing is not properly protected, so parallel operations on the file descriptor can race with each other and lead to list corruptions or use after free. References: https://marc.info/?l=linux-fsdevel&m=148587265720603&w=2 https://marc.info/?t=148587273100007&r=1&w=2 https://source.android.com/security/bulletin/2017-08-01#kernel-components Upstream patch: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1e38da300e1e395a15048b0af1e5305bd91402f6
Statement: This issue does not affect Red Hat Enterprise Linux 5 as the code with the flaw is not present in the products listed. This issue affects Red Hat Enterprise Linux 6 and 7. Future updates for the respective releases may address this issue. This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux MRG-2. This flaw is not currently planned to be addressed in future updates due to MRG-2 being an EUS release. For additional information, refer to the Extended Update Support (EUS) Guide: https://access.redhat.com/articles/rhel-eus.
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2018:3083 https://access.redhat.com/errata/RHSA-2018:3083
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2018:3096 https://access.redhat.com/errata/RHSA-2018:3096
This issue has been addressed in the following products: Red Hat Enterprise MRG 2 Via RHSA-2019:4057 https://access.redhat.com/errata/RHSA-2019:4057
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.4 Advanced Update Support Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions Red Hat Enterprise Linux 7.4 Telco Extended Update Support Via RHSA-2019:4058 https://access.redhat.com/errata/RHSA-2019:4058
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.5 Extended Update Support Via RHSA-2020:0036 https://access.redhat.com/errata/RHSA-2020:0036