Race condition in fs/timerfd.c in the Linux kernel before 4.10.15 allows local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing.
3.13.0-135.1844.4.0-79.100~14.04.14.4.0-79.1004.4.0-1018.274.4.0-1014.144.10.0-32.36~16.04.14.4.0-1057.644.4.0-1059.635.4.0-1063.66+cvm2.25.4.0-1063.66+cvm3.25.4.0-1064.67+cvm1.15.4.0-1065.68+cvm2.15.4.0-1067.70+cvm1.15.4.0-1068.71+cvm1.15.4.0-1069.72+cvm1.15.4.0-1070.73+cvm1.15.4.0-1072.75+cvm1.15.4.0-1073.76+cvm1.1+16 more5.4.0-1033.355.4.0-1035.375.4.0-1036.385.4.0-1037.395.4.0-1039.415.4.0-1041.435.4.0-1042.445.4.0-1043.455.4.0-1044.465.4.0-1046.48+41 moreExploitability
AV:LAC:HPR:NUI:RScope
S:UImpact
C:HI:HA:HCVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H