Bug 1590720 (CVE-2018-10902)
| Summary: | CVE-2018-10902 kernel: MIDI driver race condition leads to a double-free | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Andrej Nemec <anemec> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | unspecified | CC: | adakopou, airlied, aquini, bhu, blc, bskeggs, dhoward, dvlasenk, ewk, fhrbata, hdegoede, hkrzesin, hwkernel-mgr, iboverma, ichavero, itamar, jarodwilson, jforbes, jglisse, jkacur, john.j5live, jonathan, josef, jross, jstancek, jwboyer, kernel-maint, kernel-mgr, labbott, lgoncalv, linville, matt, mchehab, mcressma, mjg59, mlangsdo, mthacker, nmurray, plougher, pmatouse, rt-maint, rvrbovsk, security-response-team, skozina, slawomir, steved, williams, wmealing, yozone |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: |
It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl() handler in rawmidi.c file. A malicious local attacker could possibly use this for privilege escalation.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2019-06-10 10:28:49 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1593082, 1593083, 1593084, 1593085, 1593086, 1593087, 1593088, 1593089, 1593090, 1620291, 1620292, 1740219, 1740220 | ||
| Bug Blocks: | 1590715 | ||
|
Description
Andrej Nemec
2018-06-13 09:24:54 UTC
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1620291] This was fixed for Fedora users with the 4.17.10 stable kernel update Statement: This flaw affects all current shipping releases of Red Hat Enterprise Linux. This flaw requires real or emulated midi hardware available in the system. Fixes will be delivered when available. Acknowledgments: Name: Trend Micro Zero Day Initiative This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2018:3083 https://access.redhat.com/errata/RHSA-2018:3083 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2018:3096 https://access.redhat.com/errata/RHSA-2018:3096 This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2019:0415 https://access.redhat.com/errata/RHSA-2019:0415 This issue has been addressed in the following products: Red Hat Enterprise MRG 2 Via RHSA-2019:0641 https://access.redhat.com/errata/RHSA-2019:0641 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2019:3217 https://access.redhat.com/errata/RHSA-2019:3217 This issue has been addressed in the following products: Red Hat Enterprise Linux 7.5 Extended Update Support Via RHSA-2019:3967 https://access.redhat.com/errata/RHSA-2019:3967 |