Back to bug 1308444
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Andrej Nemec | 2016-02-15 09:16:07 UTC | Depends On | 1308445 | |
| Andrej Nemec | 2016-02-15 09:17:41 UTC | Blocks | 1308446 | |
| Salvatore Bonaccorso | 2016-02-15 21:00:55 UTC | CC | carnil | |
| Vladis Dronov | 2016-02-16 19:52:36 UTC | CC | vdronov | |
| Doc Text | A vulnerability was found in the Linux kernel. There is a possibility of double-free on 'umidi' object. The 'umidi' object will be free'd on the error path by snd_usbmidi_free() when tearing down the rawmidi interface causing the system panic. | |||
| Whiteboard | impact=moderate,public=20160214,reported=20160214,source=oss-security,cvss2=4.4/AV:L/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-416,rhel-5/kernel=affected,rhel-6/kernel=affected,rhel-7/kernel=affected,rhel-7/kernel-rt=affected,mrg-2/realtime-kernel=affected,rhelsa-7/arm-kernel=affected,fedora-all/kernel=affected | impact=low,public=20160214,reported=20160214,source=oss-security,cvss2=4.0/AV:L/AC:H/Au:N/C:N/I:N/A:C,cwe=CWE-416,rhel-5/kernel=notaffected,rhel-6/kernel=affected,rhel-7/kernel=affected,rhel-7/kernel-rt=affected,mrg-2/realtime-kernel=affected,rhelsa-7/arm-kernel=affected,fedora-all/kernel=affected | ||
| Vladis Dronov | 2016-02-16 19:59:15 UTC | Status | NEW | CLOSED |
| Resolution | --- | WONTFIX | ||
| Last Closed | 2016-02-16 14:59:15 UTC | |||
| Andrej Nemec | 2016-02-17 08:37:24 UTC | Priority | medium | low |
| Severity | medium | low | ||
| Slawomir Czarko | 2016-02-17 09:49:32 UTC | CC | slawomir | |
| Vladis Dronov | 2016-02-18 21:22:35 UTC | Whiteboard | impact=low,public=20160214,reported=20160214,source=oss-security,cvss2=4.0/AV:L/AC:H/Au:N/C:N/I:N/A:C,cwe=CWE-416,rhel-5/kernel=notaffected,rhel-6/kernel=affected,rhel-7/kernel=affected,rhel-7/kernel-rt=affected,mrg-2/realtime-kernel=affected,rhelsa-7/arm-kernel=affected,fedora-all/kernel=affected | impact=low,public=20160214,reported=20160214,source=oss-security,cvss2=4.0/AV:L/AC:H/Au:N/C:N/I:N/A:C,cwe=CWE-416,rhel-5/kernel=notaffected,rhel-6/kernel=affected,rhel-7/kernel=affected,rhel-7/kernel-rt=affected,mrg-2/realtime-kernel=affected,rhelsa-7/arm-kernel=notaffected,fedora-all/kernel=affected |
| Vladis Dronov | 2016-02-22 12:10:58 UTC | Whiteboard | impact=low,public=20160214,reported=20160214,source=oss-security,cvss2=4.0/AV:L/AC:H/Au:N/C:N/I:N/A:C,cwe=CWE-416,rhel-5/kernel=notaffected,rhel-6/kernel=affected,rhel-7/kernel=affected,rhel-7/kernel-rt=affected,mrg-2/realtime-kernel=affected,rhelsa-7/arm-kernel=notaffected,fedora-all/kernel=affected | impact=low,public=20160214,reported=20160214,source=oss-security,cvss2=6.2/AV:L/AC:H/Au:N/C:C/I:C/A:C,cwe=CWE-416,rhel-5/kernel=notaffected,rhel-6/kernel=affected,rhel-7/kernel=affected,rhel-7/kernel-rt=affected,mrg-2/realtime-kernel=affected,rhelsa-7/arm-kernel=notaffected,fedora-all/kernel=affected |
| Vladis Dronov | 2016-02-22 12:12:19 UTC | Status | CLOSED | ASSIGNED |
| Resolution | WONTFIX | --- | ||
| Keywords | Reopened | |||
| Vladis Dronov | 2016-02-22 12:57:29 UTC | Depends On | 1310663 | |
| Vladis Dronov | 2016-02-22 13:07:41 UTC | Depends On | 1310666 | |
| Vladis Dronov | 2016-02-22 13:15:45 UTC | Depends On | 1310667 | |
| Vladis Dronov | 2016-02-22 13:24:08 UTC | Depends On | 1310668 | |
| Ollie Armstrong | 2016-02-22 14:10:17 UTC | CC | ollie | |
| Summer Long | 2016-03-15 22:32:01 UTC | CC | slong | |
| Doc Text | A vulnerability was found in the Linux kernel. There is a possibility of double-free on 'umidi' object. The 'umidi' object will be free'd on the error path by snd_usbmidi_free() when tearing down the rawmidi interface causing the system panic. | A vulnerability was found in the USB-MIDI Linux kernel driver, where a double-free error could be triggered for the 'umidi' object. The 'umidi' object is free'd on the error path by snd_usbmidi_free() when tearing down the rawmidi interface. A local system user could exploit this flaw to cause a system panic (denial of service). | ||
| Flags | needinfo?(vdronov) | |||
| Vladis Dronov | 2016-03-16 11:16:06 UTC | Flags | needinfo?(vdronov) | |
| Vladis Dronov | 2016-03-16 11:23:02 UTC | Whiteboard | impact=low,public=20160214,reported=20160214,source=oss-security,cvss2=6.2/AV:L/AC:H/Au:N/C:C/I:C/A:C,cwe=CWE-416,rhel-5/kernel=notaffected,rhel-6/kernel=affected,rhel-7/kernel=affected,rhel-7/kernel-rt=affected,mrg-2/realtime-kernel=affected,rhelsa-7/arm-kernel=notaffected,fedora-all/kernel=affected | impact=important,public=20160214,reported=20160214,source=oss-security,cvss2=6.2/AV:L/AC:H/Au:N/C:C/I:C/A:C,cwe=CWE-416,rhel-5/kernel=notaffected,rhel-6/kernel=affected,rhel-7/kernel=affected,rhel-7/kernel-rt=affected,mrg-2/realtime-kernel=affected,rhelsa-7/arm-kernel=notaffected,fedora-all/kernel=affected |
| Vladis Dronov | 2016-03-16 11:23:19 UTC | Severity | low | high |
| Vladis Dronov | 2016-03-16 11:23:35 UTC | Priority | low | high |
| Muhammad Azhar Shaikh | 2016-06-29 08:18:07 UTC | CC | mdshaikh | |
| Petr Matousek | 2016-09-26 04:46:17 UTC | CC | pmatouse | |
| Doc Text | A vulnerability was found in the USB-MIDI Linux kernel driver, where a double-free error could be triggered for the 'umidi' object. The 'umidi' object is free'd on the error path by snd_usbmidi_free() when tearing down the rawmidi interface. A local system user could exploit this flaw to cause a system panic (denial of service). | A vulnerability was found in the USB-MIDI Linux kernel driver, where a double-free error could be triggered for the 'umidi' object. The 'umidi' object is free'd on the error path by snd_usbmidi_free() when tearing down the rawmidi interface. An attacker with physical access to the system could use this flaw to escalate their privileges on the system. | ||
| Whiteboard | impact=important,public=20160214,reported=20160214,source=oss-security,cvss2=6.2/AV:L/AC:H/Au:N/C:C/I:C/A:C,cwe=CWE-416,rhel-5/kernel=notaffected,rhel-6/kernel=affected,rhel-7/kernel=affected,rhel-7/kernel-rt=affected,mrg-2/realtime-kernel=affected,rhelsa-7/arm-kernel=notaffected,fedora-all/kernel=affected | impact=low,public=20160214,reported=20160214,source=oss-security,cvss2=6.2/AV:L/AC:H/Au:N/C:C/I:C/A:C,cwe=CWE-416,rhel-5/kernel=notaffected,rhel-6/kernel=affected,rhel-7/kernel=affected,rhel-7/kernel-rt=affected,mrg-2/realtime-kernel=affected,rhelsa-7/arm-kernel=notaffected,fedora-all/kernel=affected | ||
| Adam Mariš | 2016-09-27 07:04:31 UTC | Priority | high | low |
| CC | amaris | |||
| Severity | high | low | ||
| John Skeoch | 2016-10-04 04:17:48 UTC | CC | pholasek | |
| Martin Prpič | 2016-11-01 15:21:36 UTC | Doc Text | A vulnerability was found in the USB-MIDI Linux kernel driver, where a double-free error could be triggered for the 'umidi' object. The 'umidi' object is free'd on the error path by snd_usbmidi_free() when tearing down the rawmidi interface. An attacker with physical access to the system could use this flaw to escalate their privileges on the system. | A vulnerability was found in the USB-MIDI Linux kernel driver: a double-free error could be triggered for the 'umidi' object; the 'umidi' object is free'd on the error path by snd_usbmidi_free() when tearing down the rawmidi interface. An attacker with physical access to the system could use this flaw to escalate their privileges. |
| Adam Mariš | 2016-11-08 16:13:36 UTC | CC | amaris | |
| Martin Prpič | 2017-03-20 09:48:13 UTC | Doc Text | A vulnerability was found in the USB-MIDI Linux kernel driver: a double-free error could be triggered for the 'umidi' object; the 'umidi' object is free'd on the error path by snd_usbmidi_free() when tearing down the rawmidi interface. An attacker with physical access to the system could use this flaw to escalate their privileges. | A flaw was found in the USB-MIDI Linux kernel driver: a double-free error could be triggered for the 'umidi' object. An attacker with physical access to the system could use this flaw to escalate their privileges. |
| Prasad Pandit | 2017-03-21 05:54:08 UTC | Whiteboard | impact=low,public=20160214,reported=20160214,source=oss-security,cvss2=6.2/AV:L/AC:H/Au:N/C:C/I:C/A:C,cwe=CWE-416,rhel-5/kernel=notaffected,rhel-6/kernel=affected,rhel-7/kernel=affected,rhel-7/kernel-rt=affected,mrg-2/realtime-kernel=affected,rhelsa-7/arm-kernel=notaffected,fedora-all/kernel=affected | impact=low,public=20160214,reported=20160214,source=oss-security,cvss2=6.2/AV:L/AC:H/Au:N/C:C/I:C/A:C,cvss3=7.0/CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H,cwe=CWE-416,rhel-5/kernel=notaffected,rhel-6/kernel=affected,rhel-7/kernel=affected,rhel-7/kernel-rt=affected,mrg-2/realtime-kernel=affected,rhelsa-7/arm-kernel=notaffected,fedora-all/kernel=affected |
| PnT Account Manager | 2018-02-07 23:11:07 UTC | CC | agordeev | |
| PnT Account Manager | 2018-07-19 06:14:25 UTC | CC | mguzik | |
| PnT Account Manager | 2018-08-27 21:29:43 UTC | CC | mdshaikh | |
| PnT Account Manager | 2018-08-28 22:02:25 UTC | CC | lwang | |
| Eric Sammons | 2019-02-08 15:02:52 UTC | CC | esammons | |
| Product Security DevOps Team | 2019-07-12 13:04:04 UTC | Status | ASSIGNED | CLOSED |
| Resolution | --- | ERRATA | ||
| Last Closed | 2016-02-16 19:59:15 UTC | 2019-07-12 13:04:04 UTC | ||
| Product Security DevOps Team | 2019-09-29 13:44:17 UTC | Whiteboard | impact=low,public=20160214,reported=20160214,source=oss-security,cvss2=6.2/AV:L/AC:H/Au:N/C:C/I:C/A:C,cvss3=7.0/CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H,cwe=CWE-416,rhel-5/kernel=notaffected,rhel-6/kernel=affected,rhel-7/kernel=affected,rhel-7/kernel-rt=affected,mrg-2/realtime-kernel=affected,rhelsa-7/arm-kernel=notaffected,fedora-all/kernel=affected |
Back to bug 1308444