High severity7.8NVD Advisory· Published Feb 7, 2017· Updated May 13, 2026

CVE-2016-10044

Description

The aio_mount function in fs/aio.c in the Linux kernel before 4.7.7 does not properly restrict execute access, which makes it easier for local users to bypass intended SELinux W^X policy restrictions, and consequently gain privileges, via an io_setup system call.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/nvdIssue TrackingPatchThird Party Advisory
source.android.com/security/bulletin/2017-02-01.htmlnvdPatchThird Party Advisory
github.com/torvalds/linux/commit/22f6b4d34fcf039c63a94e7670e0da24f8575a5anvdIssue TrackingPatchThird Party Advisory
www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.7.7nvdRelease NotesVendor Advisory
www.securityfocus.com/bid/96122nvdThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1037798nvdThird Party AdvisoryVDB Entry

News mentions

No linked articles in our index yet.

cvss	0.507
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000