Description: Use-after-free in pcpu_extend_area_map, triggered by bpf()
References:
Reproducer:
 http://www.openwall.com/lists/oss-security/2016/05/12/6
 http://thread.gmane.org/gmane.linux.network/408459/
 http://article.gmane.org/gmane.linux.kernel/2227891
 http://article.gmane.org/gmane.linux.kernel/2227892
Notes:
 bwh> It's not clear whether this is specific to bpf() or an existing bug
 bwh> that's now easier to hit (and exploit).
Bugs:
upstream: released (4.7-rc4) [4f996e234dad488e5d9ba0858bc1bae12eff82c3, 6710e594f71ccaad8101bc64321152af7cd9ea28]
3.16-upstream-stable: N/A "Introduced with 1a4d76076cda and 9c824b6a172c in 3.18-rc1"
3.2-upstream-stable: N/A "Introduced with 1a4d76076cda and 9c824b6a172c in 3.18-rc1"
sid: released (4.6.2-2) [bugfix/all/percpu-fix-synchronization-between-chunk-map_extend_.patch, bugfix/all/percpu-fix-synchronization-between-synchronous-map-e.patch]
3.16-jessie-security: N/A "Vulnerable code not present"
3.2-wheezy-security: N/A "Vulnerable code not present"