Bug 1311568 (CVE-2016-2548)

Summary: CVE-2016-2548 kernel: sound: linked lists of slave instances not unlinked immediately
Product: [Other] Security Response Reporter: Andrej Nemec <anemec>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED DUPLICATE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: agordeev, aquini, arm-mgr, bhu, dhoward, esammons, fhrbata, gansalmon, iboverma, itamar, jforbes, jkacur, joelsmith, jonathan, jross, jwboyer, kernel-maint, kernel-mgr, kstutsma, lgoncalv, lwang, madhu.chinakonda, matt, mchehab, mcressma, mguzik, nmurray, pholasek, plougher, rt-maint, rvrbovsk, vdronov, williams
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-03-11 17:55:26 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On: 1311573    
Bug Blocks: 1311575    

Description Andrej Nemec 2016-02-24 13:31:04 UTC 
Some linked lists (active_list and ack_list) of slave instances
aren't unlinked immediately at stopping or closing, and this may lead
to unexpected accesses.

Upstream patch:

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b5a663aa426f4884c71cd8580adae73f33570f0d

External references:

http://seclists.org/oss-sec/2016/q1/133
Comment 1 Josh Boyer 2016-02-24 14:03:58 UTC 
This is an identical fix to bug 1311566

This was fixed in 4.3.5 with:

commit ea7f3d59628930dc29482a292e2a55c81cac52a4
Author: Takashi Iwai <tiwai>
Date:   Thu Jan 14 16:30:58 2016 +0100

    ALSA: timer: Harden slave timer list handling
    
    commit b5a663aa426f4884c71cd8580adae73f33570f0d upstream.
    

and in 4.4.1 with:

commit 8eff3aa0a9bbb593dce0ec0344ec1961318e44c8
Author: Takashi Iwai <tiwai>
Date:   Thu Jan 14 16:30:58 2016 +0100

    ALSA: timer: Harden slave timer list handling
    
    commit b5a663aa426f4884c71cd8580adae73f33570f0d upstream.

All Fedora branches are on those or newer.  This issue is fixed in Fedora.
Comment 2 Vladis Dronov 2016-03-11 17:55:26 UTC 

*** This bug has been marked as a duplicate of bug 1311566 ***
Comment 3 Doran Moppert 2020-02-10 04:31:22 UTC 
Statement:

This flaw was found to be a duplicate of CVE-2016-2547. Please see https://access.redhat.com/security/cve/CVE-2016-2547 for information about affected products and security errata.