Bug 1550142 (CVE-2018-7566)
Summary: | CVE-2018-7566 kernel: race condition in snd_seq_write() may lead to UAF or OOB-access | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Vladis Dronov <vdronov> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | airlied, ajax, apmukher, bskeggs, carnil, ewk, hdegoede, ichavero, itamar, jarodwilson, jforbes, jglisse, john.j5live, jonathan, josef, jwboyer, kernel-maint, labbott, linville, mchehab, mjg59, mmilgram, steved, yozone |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: |
ALSA sequencer core initializes the event pool on demand by invoking snd_seq_pool_init() when the first write happens and the pool is empty. A user can reset the pool size manually via ioctl concurrently, and this may lead to UAF or out-of-bound access.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2019-06-08 03:41:53 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1550143, 1550169, 1550170, 1550171, 1550172, 1550173, 1550174, 1550175, 1550176, 1695790, 1695791 | ||
Bug Blocks: | 1539809 |
Description
Vladis Dronov
2018-02-28 15:53:24 UTC
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1550143] This was fixed for Fedora with the 4.15.5 stable updates. Statement: This issue does not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5. This issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 6, 7, its real-time kernel, Red Hat Enterprise MRG 2, Red Hat Enterprise Linux 7 for ARM 64 and Red Hat Enterprise Linux 7 for Power 9 LE. Future Linux kernel updates for the respective releases may address this issue. This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2018:2390 https://access.redhat.com/errata/RHSA-2018:2390 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2018:2384 https://access.redhat.com/errata/RHSA-2018:2384 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2018:2395 https://access.redhat.com/errata/RHSA-2018:2395 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2018:2948 https://access.redhat.com/errata/RHSA-2018:2948 This issue has been addressed in the following products: Red Hat Enterprise Linux 7.4 Extended Update Support Via RHSA-2019:1483 https://access.redhat.com/errata/RHSA-2019:1483 This issue has been addressed in the following products: Red Hat Enterprise MRG 2 Via RHSA-2019:1487 https://access.redhat.com/errata/RHSA-2019:1487 |