CVE-2016-2549

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 4.4.1

Description The issue allows local users to cause a denial of service (deadlock) via a crafted ioctl call due to the lack of prevention of recursive callback access in sound/core/hrtimer.c. This problem is not hypothetical and has been triggered by the syzkaller fuzzer. The previous fix is still insufficient, as it may cause a lockup when the ALSA timer instance reprograms itself in its callback, invoking the start function even in snd timer interrupt() that is called in hrtimer callback itself, resulting in a CPU stall.

Recommendations For Linux kernel versions prior to 4.4.1, update to version 4.4.1 or later to resolve the issue. As a temporary workaround, consider disabling the snd timer interrupt() function until a patch is available. Restrict access to the sound/core/hrtimer.c module to minimize the risk of exploitation. Avoid using the ioctl call in the affected API endpoint until the issue is resolved.