PT-2017-3262 · Linux · Linux Kernel

Alexander Potapenko · Published 2017-06-07 · Updated 2018-07-09 · CVE-2017-1000380

CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 4.11.5

Description

The issue is a data race in the ALSA /dev/snd/timer driver of the Linux kernel that can lead to information disclosure. The race occurs when a read and an ioctl happen simultaneously, and it potentially allows a local attacker who has access rights to sound devices to obtain confidential information. The vulnerable component is located in sound/core/timer.c.

Recommendations

Update to Linux kernel version 4.11.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the sound devices to minimize the risk of exploitation.

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

ALT-PU-2017-1854
ALT-PU-2018-1991
BDU:2018-00018
CESA-2017_3315
CVE-2017-1000380
DLA-1099-1
DSA-3981-1
MGASA-2017-0186
MGASA-2017-0187
MGASA-2017-0188
OPENSUSE-SU-2017_1633-1
RHSA-2017:3295
RHSA-2017:3315
RHSA-2017:3322
RHSA-2017_3315
RHSA-2017_3322
SUSE-SU-2017:1853-1
SUSE-SU-2017:1990-1
SUSE-SU-2017:2342-1
SUSE-SU-2017:2389-1
SUSE-SU-2017:2525-1
SUSE-SU-2017:2908-1
SUSE-SU-2017:2920-1
USN-3358-1
USN-3359-1
USN-3360-1
USN-3360-2
USN-3364-1
USN-3364-2
USN-3364-3
USN-3371-1

Affected Products

ALT Linux
CentOS
Linux Kernel
Red Hat
SUSE
Ubuntu