PT-2017-3262 · Linux+5 · Linux Kernel+5

Alexander Potapenko · Published 2017-06-07 · Updated 2018-07-09 · CVE-2017-1000380

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 4.11.5

Description

A data race in the ALSA /dev/snd/timer driver of the Linux kernel can lead to information disclosure. The race occurs when a read and an ioctl happen simultaneously, potentially allowing a local attacker to access confidential information by exploiting access rights to sound devices. The vulnerable component is located in sound/core/timer.c.

Recommendations

For Linux kernel versions prior to 4.11.5, update to version 4.11.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the sound devices to minimize the risk of exploitation.

Fix

Information Disclosure

Weakness Enumeration

Related identifiers

ALT-PU-2017-1854
ALT-PU-2018-1991
BDU:2018-00018
CESA-2017_3315
CVE-2017-1000380
DLA-1099-1
DSA-3981-1
MGASA-2017-0186
MGASA-2017-0187
MGASA-2017-0188
OPENSUSE-SU-2017_1633-1
RHSA-2017:3295
RHSA-2017:3315
RHSA-2017:3322
RHSA-2017_3315
RHSA-2017_3322
SUSE-SU-2017:1853-1
SUSE-SU-2017:1990-1
SUSE-SU-2017:2342-1
SUSE-SU-2017:2389-1
SUSE-SU-2017:2525-1
SUSE-SU-2017:2908-1
SUSE-SU-2017:2920-1
USN-3358-1
USN-3359-1
USN-3360-1
USN-3360-2
USN-3364-1
USN-3364-2
USN-3364-3
USN-3371-1

Affected products

Alt Linux
CentOS
Linux Kernel
Red Hat
SUSE
Ubuntu