{
  "affected": [
    {
      "database_specific": {
        "unresolved_ranges": [
          {
            "events": [
              {
                "introduced": "3.15"
              },
              {
                "fixed": "3.16.40"
              }
            ]
          },
          {
            "events": [
              {
                "introduced": "3.17"
              },
              {
                "fixed": "4.1.24"
              }
            ]
          },
          {
            "events": [
              {
                "introduced": "4.2"
              },
              {
                "fixed": "4.4.9"
              }
            ]
          },
          {
            "events": [
              {
                "introduced": "4.5"
              },
              {
                "fixed": "4.5.3"
              }
            ]
          }
        ]
      }
    }
  ],
  "details": "Use-after-free vulnerability in the ffs_user_copy_worker function in drivers/usb/gadget/function/f_fs.c in the Linux kernel before 4.5.3 allows local users to gain privileges by accessing an I/O data structure after a certain callback call.",
  "id": "CVE-2016-7912",
  "modified": "2026-03-15T21:46:28.788197576Z",
  "published": "2016-11-16T05:59:07.140Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "http://source.android.com/security/bulletin/2016-11-01.html"
    },
    {
      "type": "ADVISORY",
      "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.3"
    },
    {
      "type": "ADVISORY",
      "url": "http://www.securityfocus.com/bid/94197"
    },
    {
      "type": "FIX",
      "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=38740a5b87d53ceb89eb2c970150f6e94e00373a"
    },
    {
      "type": "FIX",
      "url": "https://github.com/torvalds/linux/commit/38740a5b87d53ceb89eb2c970150f6e94e00373a"
    }
  ],
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}