Key Information CVE Number: CVE-2015-5706 Vulnerability Type: Use-after-free in path lookup Status: CLOSED NOTABUG Product: Security Response Component: vulnerability Operating System: Linux Priority: medium Severity: medium Vulnerability Description Discovery: - The Linux kernel function is called by during path lookup ( ), and is incorrectly cleaned up twice, leading to a , which causes a use-after-free vulnerability. CVE Assignment Link: http://seclists.org/oss-sec/2015/q3/270 Commit Introducing the Issue: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=bb458c644a59dbba3a1fe59b27106c5e68e1c4bd Upstream Patch: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f15133df088ecadd141ea1907f2c96df67c729f0 OSS-SEC Request: http://seclists.org/oss-sec/2015/q3/371 Impact and Fix Affected Versions: Linux kernel versions 3.19 and 4.0 Red Hat Enterprise Linux Kernel: Not affected, as the patch causing the "double put" condition was not applied to any shipped kernel.