prevent UAF in snd_pcm_info in kernel-ALSA-pcm CVE-2017-0861

Tracked by Jolla (Rejected)

asked 2018-06-26 07:30:53 +0200

updated 2018-06-26 07:31:23 +0200

lpr

Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allows attackers to gain privileges via unspecified vectors. CVSS Score: 7.8 HIGH, local

Kernel-3.2 patch is available.

File affected: kernel-adaptation-sbj-3.4.108.20171107.1/sound/core/pcm.c lines 150-157

So the whole patch should look like:

@@ -150,7 +150,9 @@ static int snd_pcm_control_ioctl(struct snd_card *card,
            err = -ENXIO;
            goto _error;
        }
+           mutex_lock(&pcm->open_mutex);
        err = snd_pcm_info_user(substream, info);
+           mutex_unlock(&pcm->open_mutex);
    _error:
        mutex_unlock(&register_mutex);
        return err;
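
Review bot: the new mutex_lock(&pcm->open_mutex) is taken while register_mutex is still held (it is only released after the _error label), so this hunk establishes a register_mutex then open_mutex lock order. Please confirm that no path in this 3.4.108 tree takes the two in the opposite order, and state that in the commit message. The two added lines are also indented deeper than the unchanged err = snd_pcm_info_user(substream, info); line between them, which looks like whitespace damage from pasting; re-indent them with tabs to match the context so the hunk applies cleanly and passes checkpatch. The goto _error above the lock lands after the mutex_unlock(&pcm->open_mutex), which is correct because open_mutex is not held on that path.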