Public Date:
1335889: CVE-2016-4794 kernel: Use after free in array_map_alloc
Use after free vulnerability was found in percpu using previously allocated memory in bpf. First __alloc_percpu_gfp() is called, then the memory is freed with free_percpu() which triggers async pcpu_balance_work and then pcpu_extend_area_map could use a chunk after it has been freed.

Find out more about CVE-2016-4794 from the MITRE CVE dictionary dictionary and NIST NVD.


This issue does not affect the Linux kernels as shipped with Red Hat Enterprise Linux 4, 5 and 6.

This issue affects the Linux kernels as shipped with Red Hat Enterprise Linux 7 and MRG-2 and may be addressed in a future update.

CVSS v2 metrics

Base Score 7.2
Base Metrics AV:L/AC:L/Au:N/C:C/I:C/A:C
Access Vector Local
Access Complexity Low
Authentication None
Confidentiality Impact Complete
Integrity Impact Complete
Availability Impact Complete

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux for Real Time for NFV (v. 7) (kernel-rt) RHSA-2016:2584 2016-11-03
Red Hat Enterprise Linux 7 (kernel) RHSA-2016:2574 2016-11-03

Affected Packages State

Platform Package State
Red Hat Enterprise MRG 2 realtime-kernel Will not fix
Red Hat Enterprise Linux 7 kernel-aarch64 Will not fix
Red Hat Enterprise Linux 6 kernel Not affected
Red Hat Enterprise Linux 5 kernel Not affected
Last Modified