PT-2018-2206 · Linux+4 · Linux Kernel+4

Lukas Braune · Published 2018-02-14 · Updated 2020-08-24 · CVE-2018-7566

CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to the fixed version

Description

The issue is related to a use-after-free error in the ALSA /dev/snd/seq driver of the Linux kernel. It may allow an attacker to impact the confidentiality, integrity, and availability of protected information. A buffer overflow can occur via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user.

Recommendations

For Linux kernel versions prior to the fixed version, update to the latest version to resolve the issue. As a temporary workaround, consider restricting access to the /dev/snd/seq device to minimize the risk of exploitation.

Exploit

Fix

Race Condition

Buffer Overflow


Weakness Enumeration

Related Identifiers

BDU:2019-00184
CESA-2018_2384
CESA-2018_2390
CVE-2018-7566
DLA-1369-1
DSA-4187-1
DSA-4188-1
RHSA-2018:2384
RHSA-2018:2390
RHSA-2018:2395
RHSA-2018:2948
RHSA-2018_2384
RHSA-2018_2390
RHSA-2018_2395
RHSA-2019:1483
RHSA-2019:1487
SUSE-SU-2018:0834-1
SUSE-SU-2018:0848-1
SUSE-SU-2018:0988-1
SUSE-SU-2018:0989-1
SUSE-SU-2018:0990-1
SUSE-SU-2018:0991-1
SUSE-SU-2018:0992-1
SUSE-SU-2018:0993-1
SUSE-SU-2018:0994-1
SUSE-SU-2018:0995-1
SUSE-SU-2018:0996-1
SUSE-SU-2018:0997-1
SUSE-SU-2018:0998-1
SUSE-SU-2018:0999-1
SUSE-SU-2018:1000-1
SUSE-SU-2018:1001-1
SUSE-SU-2018:1002-1
SUSE-SU-2018:1003-1
SUSE-SU-2018:1004-1
SUSE-SU-2018:1005-1
SUSE-SU-2018:1006-1
SUSE-SU-2018:1007-1
SUSE-SU-2018:1008-1
SUSE-SU-2018:1009-1
SUSE-SU-2018:1010-1
SUSE-SU-2018:1011-1
SUSE-SU-2018:1012-1
SUSE-SU-2018:1013-1
SUSE-SU-2018:1014-1
SUSE-SU-2018:1015-1
SUSE-SU-2018:1016-1
SUSE-SU-2018:1018-1
SUSE-SU-2018:1019-1
SUSE-SU-2018:1020-1
SUSE-SU-2018:1021-1
SUSE-SU-2018:1022-1
SUSE-SU-2018:1023-1
SUSE-SU-2018:1024-1
SUSE-SU-2018:1025-1
SUSE-SU-2018:1026-1
SUSE-SU-2018:1027-1
SUSE-SU-2018:1028-1
SUSE-SU-2018:1029-1
SUSE-SU-2018:1030-1
SUSE-SU-2018:1031-1
SUSE-SU-2018:1032-1
SUSE-SU-2018:1033-1
SUSE-SU-2018:1034-1
SUSE-SU-2018:1035-1
SUSE-SU-2018:1080-1
SUSE-SU-2018:1172-1
SUSE-SU-2018:1309-1
SUSE-SU-2018_0991-1
SUSE-SU-2018_1035-1
USN-3631-1
USN-3631-2
USN-3798-1
USN-3798-2

Affected Products

CentOS
Linux Kernel
Red Hat
SUSE
Ubuntu