Описание
The Linux kernel 4.15 has a Buffer Overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user.
ALSA sequencer core initializes the event pool on demand by invoking snd_seq_pool_init() when the first write happens and the pool is empty. A user can reset the pool size manually via ioctl concurrently, and this may lead to UAF or out-of-bound access.
Отчет
This issue does not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5. This issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 6, 7, its real-time kernel, Red Hat Enterprise MRG 2, Red Hat Enterprise Linux 7 for ARM 64 and Red Hat Enterprise Linux 7 for Power 9 LE. Future Linux kernel updates for the respective releases may address this issue.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | kernel | Not affected | ||
| Red Hat Enterprise Linux 8 | kernel | Not affected | ||
| Red Hat Enterprise Linux 6 | kernel | Fixed | RHSA-2018:2390 | 14.08.2018 |
| Red Hat Enterprise Linux 7 | kernel-rt | Fixed | RHSA-2018:2395 | 14.08.2018 |
| Red Hat Enterprise Linux 7 | kernel | Fixed | RHSA-2018:2384 | 14.08.2018 |
| Red Hat Enterprise Linux 7 | kernel-alt | Fixed | RHSA-2018:2948 | 30.10.2018 |
| Red Hat Enterprise Linux 7.4 Extended Update Support | kernel | Fixed | RHSA-2019:1483 | 17.06.2019 |
| Red Hat Enterprise MRG 2 | kernel-rt | Fixed | RHSA-2019:1487 | 17.06.2019 |
Показывать по
Дополнительная информация
Статус:
6.1 Medium
CVSS3
Связанные уязвимости
The Linux kernel 4.15 has a Buffer Overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user.
The Linux kernel 4.15 has a Buffer Overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user.
The Linux kernel 4.15 has a Buffer Overflow via an SNDRV_SEQ_IOCTL_SET ...
Security update for the Linux Kernel (Live Patch 33 for SLE 12)
Security update for the Linux Kernel (Live Patch 26 for SLE 12 SP1)
6.1 Medium
CVSS3