Piotr Gabriel Kosinski

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 4.16.13 **Description** The issue is related to the sr do ioctl function in the Linux kernel, which allows local users to cause a denial of service or possibly have other unspecified impacts due to a stack-based buffer overflow. This occurs because sense buffers have different sizes at the CDROM layer and the SCSI layer. An example of exploitation is through a CDROMREADMODE2 ioctl call. **Recommendations** For Linux kernel versions prior to 4.16.13, update to version 4.16.13 or later to resolve the issue. As a temporary workaround, consider restricting access to the sr do ioctl function until a patch is available.