CVE-2017-15265 (NVD)

2017-10-16

Race condition in the ALSA subsystem in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted /dev/snd/seq ioctl calls, related to sound/core/seq/seq_clientmgr.c and sound/core/seq/seq_ports.c.

Products Linux_kernel
Type Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') (CWE-362)
Use After Free (CWE-416)
First patch https://github.com/torvalds/linux/commit/71105998845fb012937332fe2e806d443c09e026
Patches http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=71105998845fb012937332fe2e806d443c09e026
Relevant file/s • ./sound/core/seq/seq_clientmgr.c (modified, +5, -1)
• ./sound/core/seq/seq_ports.c (modified, +5, -2)
Links https://access.redhat.com/errata/RHSA-2018:3822
https://access.redhat.com/errata/RHSA-2018:1130
https://access.redhat.com/errata/RHSA-2018:3823
https://bugzilla.suse.com/show_bug.cgi?id=1062520
https://access.redhat.com/errata/RHSA-2018:1170

linux - Tree: 7110599884

(? files)

Filter Settings
Files
Navigation
Patch data:

(on by default)

Patched area: