Use-after-free vulnerability in the kvm_ioctl_create_device function in virt/kvm/kvm_main.c in the Linux kernel before 4.8.13 allows host OS users to cause a denial of service (host OS crash) or possibly gain privileges via crafted ioctl calls on the /dev/kvm device.
BID 95672 Linux Kernel CVE-2016-10150 Denial of Service Vulnerability
This bug does not exist in any currently available gentoo-sources version. The fixed kernel was released 7 months ago, and the only stable branch that contained this bug was EOLed 6 months ago.
It would be a good idea to clean the metadata from the package, I didn't know wich one of them still stable
(In reply to dwfreed from comment #1)
> This bug does not exist in any currently available gentoo-sources version.
> The fixed kernel was released 7 months ago, and the only stable branch that
> contained this bug was EOLed 6 months ago.
For posterity (it would be helpful if comments like these were specific to begin with); I take it by EOLed you mean upstream? Would you happen to have information in which versions of the various stable branches this is fixed in? and if we still have a branch stable that is EOLed we likely want to consider a package mask, or at least cleaning the versions from the gentoo repository.
Fixed in 4.9