Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2016-9794

Опубликовано: 14 апр. 2016
Источник: redhat
CVSS3: 7
CVSS2: 6.2
EPSS Низкий

Описание

Race condition in the snd_pcm_period_elapsed function in sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel before 4.7 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START command.

A use-after-free vulnerability was found in ALSA pcm layer, which allows local users to cause a denial of service, memory corruption, or possibly other unspecified impact. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.

Отчет

This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/. This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG-2 as the flaw was already fixed in the products listed.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kernelWill not fix
Red Hat Enterprise Linux 6kernelWill not fix
Red Hat Enterprise Linux 7kernel-rtNot affected
Red Hat Enterprise MRG 2realtime-kernelNot affected
Red Hat Enterprise Linux 7kernelFixedRHSA-2016:257403.11.2016

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-416
https://bugzilla.redhat.com/show_bug.cgi?id=1401494kernel: ALSA: Use-after-free in kill_fasync

EPSS

Процентиль: 17%
0.00054
Низкий

7 High

CVSS3

6.2 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2016-9794

CVSS3: 7.8
ubuntu
больше 8 лет назад

Race condition in the snd_pcm_period_elapsed function in sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel before 4.7 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START command.

nvd логотип

CVE-2016-9794

CVSS3: 7.8
nvd
больше 8 лет назад

Race condition in the snd_pcm_period_elapsed function in sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel before 4.7 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START command.

debian логотип

CVE-2016-9794

CVSS3: 7.8
debian
больше 8 лет назад

Race condition in the snd_pcm_period_elapsed function in sound/core/pc ...

github логотип

GHSA-4x89-4xjg-wjv4

CVSS3: 7.8
github
около 3 лет назад

Race condition in the snd_pcm_period_elapsed function in sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel before 4.7 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START command.

suse-cvrf логотип

SUSE-SU-2017:0294-1

suse-cvrf
больше 8 лет назад

Security update for Linux Kernel Live Patch 10 for SLE 12 SP1

EPSS

Процентиль: 17%
0.00054
Низкий

7 High

CVSS3

6.2 Medium

CVSS2