Описание
It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl() handler in rawmidi.c file. A malicious local attacker could possibly use this for privilege escalation.
Отчет
This flaw affects all current shipping releases of Red Hat Enterprise Linux. This flaw requires real or emulated midi hardware available in the system. Fixes will be delivered when available.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | kernel | Will not fix | ||
| Red Hat Enterprise Linux 8 | kernel | Not affected | ||
| Red Hat Enterprise Linux 6 | kernel | Fixed | RHSA-2019:0415 | 26.02.2019 |
| Red Hat Enterprise Linux 7 | kernel-rt | Fixed | RHSA-2018:3096 | 30.10.2018 |
| Red Hat Enterprise Linux 7 | kernel | Fixed | RHSA-2018:3083 | 30.10.2018 |
| Red Hat Enterprise Linux 7 | kernel-alt | Fixed | RHSA-2019:3217 | 29.10.2019 |
| Red Hat Enterprise Linux 7.5 Extended Update Support | kernel | Fixed | RHSA-2019:3967 | 26.11.2019 |
| Red Hat Enterprise MRG 2 | kernel-rt | Fixed | RHSA-2019:0641 | 26.03.2019 |
Показывать по
Дополнительная информация
Статус:
7.8 High
CVSS3
Связанные уязвимости
It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl() handler in rawmidi.c file. A malicious local attacker could possibly use this for privilege escalation.
It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl() handler in rawmidi.c file. A malicious local attacker could possibly use this for privilege escalation.
It was found that the raw midi kernel driver does not protect against ...
It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl() handler in rawmidi.c file. A malicious local attacker could possibly use this for privilege escalation.
ELSA-2019-0415: kernel security and bug fix update (IMPORTANT)
7.8 High
CVSS3