prevent UAF in snd_pcm_info in kernel-ALSA-pcm CVE-2017-0861

Tracked by Jolla

asked 2018-06-26 07:30:53 +0300


updated 2018-06-26 07:31:23 +0300

lpr

Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allows attackers to gain privileges via unspecified vectors. CVSS Score: 7.8 HIGH, local

Kernel-3.2 patch is available.

File affected: kernel-adaptation-sbj- lines 150-157

So the whole patch should look like:

@@ -150,7 +150,9 @@ static int snd_pcm_control_ioctl(struct snd_card *card,
            err = -ENXIO;
            goto _error;
+           mutex_lock(&pcm->open_mutex);
        err = snd_pcm_info_user(substream, info);
+           mutex_unlock(&pcm->open_mutex);
        return err;
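
Review bot: The hunk is incomplete between `goto _error;` and `return err;`: the header declares 7 old and 9 new lines, but only 4 context lines and 2 added lines are shown, and the `_error:` label that the `goto` targets is not among them. As posted it will not apply, and it leaves open whether `mutex_unlock(&pcm->open_mutex);` sits before the `_error:` label, which it must, because the `goto _error` path jumps there without having taken `open_mutex`. Please re-post the full hunk with its original indentation, and confirm that `pcm` cannot be freed between its lookup and `mutex_lock(&pcm->open_mutex);`, since the visible lines do not show what keeps it alive at that point.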