We have moved to a new Sailfish OS Forum. Please start new discussions there.

Revision history [back]

click to hide/show revision 1
initial version

posted 2018-06-26 07:30:53 +0200

lpr gravatar image

prevent UAF in snd_pcm_info in kernel-ALSA-pcm CVE-2017-0861

Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allows attackers to gain privileges via unspecified vectors. CVSS Socore: 7.8HIGH local

Kernel-3.2 patch is available.

File affected: kernel-adaptation-sbj-3.4.108.20171107.1/sound/core/pcm.c lines 150-157

So the whole patch should look like:

@@ -150,7 +150,9 @@ static int snd_pcm_control_ioctl(struct snd_card *card,
            err = -ENXIO;
            goto _error;
        }
+           mutex_lock(&pcm->open_mutex);
        err = snd_pcm_info_user(substream, info);
+           mutex_unlock(&pcm->open_mutex);
    _error:
        mutex_unlock(&register_mutex);
        return err;

prevent UAF in snd_pcm_info in kernel-ALSA-pcm CVE-2017-0861

Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allows attackers to gain privileges via unspecified vectors. CVSS Socore: Score: 7.8HIGH local

Kernel-3.2 patch is available.

File affected: kernel-adaptation-sbj-3.4.108.20171107.1/sound/core/pcm.c lines 150-157

So the whole patch should look like:

@@ -150,7 +150,9 @@ static int snd_pcm_control_ioctl(struct snd_card *card,
            err = -ENXIO;
            goto _error;
        }
+           mutex_lock(&pcm->open_mutex);
        err = snd_pcm_info_user(substream, info);
+           mutex_unlock(&pcm->open_mutex);
    _error:
        mutex_unlock(&register_mutex);
        return err;
Copyright © Jolla Ltd. 2013-2019. All rights reserved.
about | faq | help | privacy policy | terms of service | give feedback
Powered by Askbot version 0.7.49