PT-2017-13952 · Linux+5 · Linux Kernel+5

Published

2017-10-16

·

Updated

2024-06-15

·

CVE-2017-15265

CVSS v3.1

7.0

High

VectorAV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 4.13.8
Description A race condition in the ALSA subsystem allows local users to cause a denial of service or possibly have other impact via crafted /dev/snd/seq ioctl calls, related to sound/core/seq/seq clientmgr.c and sound/core/seq/seq ports.c.
Recommendations For Linux kernel versions prior to 4.13.8, update to version 4.13.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the /dev/snd/seq ioctl calls to minimize the risk of exploitation.

Fix

DoS

Race Condition

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-362CWE-416

Related Identifiers

ALT-PU-2017-2451
ALT-PU-2017-2458
ALT-PU-2017-2459
ALT-PU-2017-2466
ALT-PU-2017-2467
ALT-PU-2017-2468
ALT-PU-2018-1465
CESA-2018_1062
CESA-2018_2390
CVE-2017-15265
DLA-1200-1
MGASA-2017-0463
MGASA-2017-0466
MGASA-2017-0467
MGASA-2018-0062
MGASA-2018-0063
MGASA-2018-0064
OPENSUSE-SU-2017_2846-1
OPENSUSE-SU-2017_2905-1
OPENSUSE-SU-2024:10728-1
OPENSUSE-SU-2024:13704-1
RHSA-2018:0676
RHSA-2018:1062
RHSA-2018:1130
RHSA-2018:1170
RHSA-2018:2390
RHSA-2018:3822
RHSA-2018:3823
RHSA-2018_0676
RHSA-2018_1062
RHSA-2018_2390
RHSA-2018_3822
SUSE-SU-2017:2847-1
SUSE-SU-2017:2908-1
SUSE-SU-2017:2920-1
SUSE-SU-2017:3165-1
SUSE-SU-2017:3265-1
SUSE-SU-2017:3267-1
SUSE-SU-2017:3410-1
SUSE-SU-2018:0040-1
USN-3485-1
USN-3485-2
USN-3485-3
USN-3487-1
USN-3698-1
USN-3698-2

Affected Products

Alt Linux
Centos
Linux Kernel
Red Hat
Suse
Ubuntu