The sg implementation in the Linux kernel through 4.9 does not properly restrict write operations in situations where the KERNEL_DS option is set, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device, related to block/bsg.c and drivers/scsi/sg.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9576.
3.13.0-125.1744.4.0-63.84~14.04.24.4.0-63.844.4.0-1003.124.4.0-1044.514.4.0-1047.514.15.0-1002.24.15.0-1003.34.15.0-1004.44.15.0-1008.84.15.0-1009.94.15.0-1012.124.15.0-1013.134.15.0-1014.144.15.0-1018.184.15.0-1019.19+34 more4.15.0-1001.14.15.0-1003.34.15.0-1005.54.15.0-1006.64.15.0-1008.84.15.0-1009.94.15.0-1010.104.15.0-1014.144.15.0-1015.154.15.0-1017.18+28 more4.18.0-13.14~18.04.14.18.0-14.15~18.04.14.18.0-15.16~18.04.14.18.0-16.17~18.04.14.18.0-17.18~18.04.14.18.0-18.19~18.04.14.18.0-20.21~18.04.14.18.0-21.22~18.04.14.18.0-22.23~18.04.14.18.0-24.25~18.04.1+33 more5.0.0-15.16~18.04.15.0.0-16.17~18.04.15.0.0-17.18~18.04.15.0.0-19.20~18.04.15.0.0-20.21~18.04.15.3.0-19.20~18.04.25.3.0-22.24~18.04.15.3.0-23.25~18.04.15.3.0-23.25~18.04.25.3.0-24.26~18.04.2Exploitability
AV:LAC:HPR:LUI:NScope
S:UImpact
C:HI:HA:HCVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H