| Description: | The aio_mount function in fs/aio.c in the Linux kernel before 4.7.7 does not properly restrict execute access, which makes it easier for local users to bypass intended SELinux W^X policy restrictions, and consequently gain privileges, via an io_setup system call. It was discovered that the asynchronous I/O (aio) subsystem of the Linux kernel did not properly set permissions on aio memory mappings in some situations. An attacker could use this to more easily exploit other vulnerabilities.
|