PT-2017-13952 · Linux+5 · Linux Kernel+5

Publicado

2017-10-16

·

Atualizado

2024-06-15

·

CVE-2017-15265

CVSS v3.1

7.0

Alta

VetorAV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 4.13.8
Description A race condition in the ALSA subsystem allows local users to cause a denial of service or possibly have other impact via crafted /dev/snd/seq ioctl calls, related to sound/core/seq/seq clientmgr.c and sound/core/seq/seq ports.c.
Recommendations For Linux kernel versions prior to 4.13.8, update to version 4.13.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the /dev/snd/seq ioctl calls to minimize the risk of exploitation.

Correção

DoS

Race Condition

Use After Free

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-362CWE-416

Identificadores relacionados

ALT-PU-2017-2451
ALT-PU-2017-2458
ALT-PU-2017-2459
ALT-PU-2017-2466
ALT-PU-2017-2467
ALT-PU-2017-2468
ALT-PU-2018-1465
CESA-2018_1062
CESA-2018_2390
CVE-2017-15265
DLA-1200-1
MGASA-2017-0463
MGASA-2017-0466
MGASA-2017-0467
MGASA-2018-0062
MGASA-2018-0063
MGASA-2018-0064
OPENSUSE-SU-2017_2846-1
OPENSUSE-SU-2017_2905-1
OPENSUSE-SU-2024:10728-1
OPENSUSE-SU-2024:13704-1
RHSA-2018:0676
RHSA-2018:1062
RHSA-2018:1130
RHSA-2018:1170
RHSA-2018:2390
RHSA-2018:3822
RHSA-2018:3823
RHSA-2018_0676
RHSA-2018_1062
RHSA-2018_2390
RHSA-2018_3822
SUSE-SU-2017:2847-1
SUSE-SU-2017:2908-1
SUSE-SU-2017:2920-1
SUSE-SU-2017:3165-1
SUSE-SU-2017:3265-1
SUSE-SU-2017:3267-1
SUSE-SU-2017:3410-1
SUSE-SU-2018:0040-1
USN-3485-1
USN-3485-2
USN-3485-3
USN-3487-1
USN-3698-1
USN-3698-2

Produtos afetados

Alt Linux
Centos
Linux Kernel
Red Hat
Suse
Ubuntu