Fix use-after-free at creating a port in kernel-ALSA-seq CVE-2017-15265

Tracked by Jolla

asked 2017-11-09 07:25:58 +0200

this post is marked as community wiki

This post is a wiki. Anyone with karma >75 is welcome to improve it.

updated 2017-11-09 07:25:58 +0200

lpr gravatar image

Race condition in the ALSA subsystem in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted /dev/snd/seq ioctl calls, related to sound/core/seq/seq_clientmgr.c and sound/core/seq/seq_ports.c. 7.0High

Patch is available.

Files affected: kernel-adaptation-sbj-3.4.108.20161101.1/sound/core/seq/seq_clientmgr.c lines 1245-1248; 1258-1264; 1281-1283

kernel-adaptation-sbj-3.4.108.20161101.1/sound/core/seq/seq_ports.c lines 122-127; 153-158; 167-175

edit retag flag offensive close delete