It was found that the blk_rq_map_user_iov() function in the Linux kernel's block device implementation did not properly restrict the type of iterator, which could allow a local attacker to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging write access to a /dev/sg device.
Find out more about CVE-2016-9576 from the
MITRE CVE dictionary dictionary and
This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 as the code which can trigger the flaw is not present in the products listed.
This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and MRG-2. Future Linux kernel updates for the respective releases might address this issue.