Описание
A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 is missing locks that can be used in a use-after-free that can result in a priviledge escalation to gain ring0 access from the system user. We recommend upgrading past commit 56b88b50565cd8b946a2d00b0c83927b7ebb055e
A use-after-free flaw was found in snd_ctl_elem_read in sound/core/control.c in Advanced Linux Sound Architecture (ALSA) subsystem in the Linux kernel. In this flaw a normal privileged, local attacker may impact the system due to a locking issue in the compat path, leading to a kernel information leak problem.
Меры по смягчению последствий
To mitigate this issue, skip loading (blacklist) the affected soundcard using modules like: blacklist soundcore blacklist snd blacklist snd_pcm blacklist snd_hda_codec_hdmi blacklist snd_hda_codec_realtek blacklist snd_hda_codec_generic blacklist snd_hda_intel blacklist snd_hda_codec blacklist snd_hda_core blacklist snd_hwdep blacklist snd_timer onto the system till we have a fix available. This can be done by a blacklist mechanism, this will ensure the driver is not loaded at the boot time.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | kernel | Not affected | ||
| Red Hat Enterprise Linux 7 | kernel | Not affected | ||
| Red Hat Enterprise Linux 7 | kernel-rt | Not affected | ||
| Red Hat Enterprise Linux 8 | kernel-rt | Fixed | RHSA-2023:1584 | 04.04.2023 |
| Red Hat Enterprise Linux 8 | kernel | Fixed | RHSA-2023:1566 | 04.04.2023 |
| Red Hat Enterprise Linux 8 | kpatch-patch | Fixed | RHSA-2023:1659 | 05.04.2023 |
| Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions | kernel | Fixed | RHSA-2023:1588 | 04.04.2023 |
| Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions | kpatch-patch | Fixed | RHSA-2023:1590 | 04.04.2023 |
| Red Hat Enterprise Linux 8.2 Advanced Update Support | kernel | Fixed | RHSA-2023:1559 | 04.04.2023 |
| Red Hat Enterprise Linux 8.2 Telecommunications Update Service | kernel-rt | Fixed | RHSA-2023:1560 | 04.04.2023 |
Показывать по
Дополнительная информация
Статус:
EPSS
7.8 High
CVSS3
Связанные уязвимости
A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 is missing locks that can be used in a use-after-free that can result in a priviledge escalation to gain ring0 access from the system user. We recommend upgrading past commit 56b88b50565cd8b946a2d00b0c83927b7ebb055e
A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 is missing locks that can be used in a use-after-free that can result in a priviledge escalation to gain ring0 access from the system user. We recommend upgrading past commit 56b88b50565cd8b946a2d00b0c83927b7ebb055e
A use after free vulnerability exists in the ALSA PCM package in the L ...
A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 is missing locks that can be used in a use-after-free that can result in a priviledge escalation to gain ring0 access from the system user. We recommend upgrading past commit 56b88b50565cd8b946a2d00b0c83927b7ebb055e
EPSS
7.8 High
CVSS3