Fix use-after-free at creating a port in kernel-ALSA-seq CVE-2017-15265
Tracked by Jolla
(Rejected)
asked 2017-11-09 07:25:58 +0300
This post is a wiki. Anyone with karma >75 is welcome to improve it.
Race condition in the ALSA subsystem in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted /dev/snd/seq ioctl calls, related to sound/core/seq/seq_clientmgr.c and sound/core/seq/seq_ports.c. 7.0High
Patch is available.
Files affected: kernel-adaptation-sbj-3.4.108.20161101.1/sound/core/seq/seq_clientmgr.c lines 1245-1248; 1258-1264; 1281-1283
kernel-adaptation-sbj-3.4.108.20161101.1/sound/core/seq/seq_ports.c lines 122-127; 153-158; 167-175