We have moved to a new Sailfish OS Forum. Please start new discussions there.

Revision history [back]

click to hide/show revision 1
initial version

posted 2017-11-09 07:25:58 +0200

lpr gravatar image

Fix use-after-free at creating a port in kernel-ALSA-seq CVE-2017-15265

Race condition in the ALSA subsystem in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted /dev/snd/seq ioctl calls, related to sound/core/seq/seq_clientmgr.c and sound/core/seq/seq_ports.c. 7.0High

Patch is available.

Files affected: kernel-adaptation-sbj-3.4.108.20161101.1/sound/core/seq/seq_clientmgr.c lines 1245-1248; 1258-1264; 1281-1283

kernel-adaptation-sbj-3.4.108.20161101.1/sound/core/seq/seq_ports.c lines 122-127; 153-158; 167-175

Copyright © Jolla Ltd. 2013-2019. All rights reserved.
about | faq | help | privacy policy | terms of service | give feedback
Powered by Askbot version 0.7.49