In the Linux kernel through 4.14.13, drivers/block/loop.c mishandles lorelease serialization, which allows attackers to cause a denial of service (lockacquire use-after-free) or possibly have unspecified other impact.
{ "urgency": "not yet assigned" }