Bug 1311568 - (CVE-2016-2548) CVE-2016-2548 kernel: sound: linked lists of slave instances not unlinked immediately
Status: CLOSED DUPLICATE of bug 1311566
Product: Security Response
Classification: Other
Component: vulnerability
unspecified
All Linux
medium Severity medium
Assigned To: Red Hat Product Security
impact=moderate,public=20160119,repor...
: Security
Depends On: 1311573
Blocks: 1311575
Reported: 2016-02-24 08:31 EST by Andrej Nemec
Modified: 2016-03-11 12:55 EST

Doc Type: Bug Fix
Last Closed: 2016-03-11 12:55:26 EST
Description Andrej Nemec 2016-02-24 08:31:04 EST
Some linked lists (active_list and ack_list) of slave instances
aren't unlinked immediately at stopping or closing, and this may lead
to unexpected accesses.

Upstream patch:

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b5a663aa426f4884c71cd8580adae73f33570f0d

External references:

http://seclists.org/oss-sec/2016/q1/133
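
To illustrate the list-linkage part of the description above, the following C sketch is an added example, not kernel code and not part of the original report. It models a slave instance in userspace; `struct slave`, `stop_lazy`, `stop_unlink`, `reachable` and `stale_after_stop` are hypothetical names, and only `active_list` and `ack_list` come from the report.

```c
#include <stdbool.h>

/* Userspace stand-in for the kernel's circular doubly linked list. */
struct list_head { struct list_head *next, *prev; };
static void list_init(struct list_head *h) { h->next = h->prev = h; }
static void list_add_tail(struct list_head *n, struct list_head *h)
{
    n->prev = h->prev; n->next = h;
    h->prev->next = n; h->prev = n;
}
/* Unlink and re-initialise, so a repeated unlink is harmless. */
static void list_del_init(struct list_head *n)
{
    n->prev->next = n->next; n->next->prev = n->prev;
    list_init(n);
}

/* Hypothetical slave instance; only active_list and ack_list are names from the report. */
struct slave { bool running; struct list_head active_list, ack_list; };

/* Stop as the report describes: state changes, list links stay in place. */
void stop_lazy(struct slave *s) { s->running = false; }
/* Stop with both lists unlinked immediately. */
void stop_unlink(struct slave *s)
{
    s->running = false;
    list_del_init(&s->active_list);
    list_del_init(&s->ack_list);
}

/* Would a walker starting at head h still visit node n? */
static bool reachable(const struct list_head *h, const struct list_head *n)
{
    for (const struct list_head *p = h->next; p != h; p = p->next)
        if (p == n) return true;
    return false;
}

/* Link a slave, stop it, report stale links: bit 0 = active list, bit 1 = ack list. */
int stale_after_stop(void (*stop)(struct slave *))
{
    struct list_head active, ack;
    struct slave s = { .running = true };
    list_init(&active); list_init(&ack);
    list_add_tail(&s.active_list, &active);
    list_add_tail(&s.ack_list, &ack);
    stop(&s);
    return reachable(&active, &s.active_list) | (reachable(&ack, &s.ack_list) << 1);
}
```

With `stop_lazy` the stopped instance is still visited by anything walking either list; with `stop_unlink` it is on neither.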
Comment 1 Josh Boyer 2016-02-24 09:03:58 EST
This is an identical fix to bug 1311566

This was fixed in 4.3.5 with:

commit ea7f3d59628930dc29482a292e2a55c81cac52a4
Author: Takashi Iwai <tiwai@suse.de>
Date:   Thu Jan 14 16:30:58 2016 +0100

    ALSA: timer: Harden slave timer list handling
    
    commit b5a663aa426f4884c71cd8580adae73f33570f0d upstream.
    

and in 4.4.1 with:

commit 8eff3aa0a9bbb593dce0ec0344ec1961318e44c8
Author: Takashi Iwai <tiwai@suse.de>
Date:   Thu Jan 14 16:30:58 2016 +0100

    ALSA: timer: Harden slave timer list handling
    
    commit b5a663aa426f4884c71cd8580adae73f33570f0d upstream.

All Fedora branches are on those or newer.  This issue is fixed in Fedora.
Comment 2 Vladis Dronov 2016-03-11 12:55:26 EST

*** This bug has been marked as a duplicate of bug 1311566 ***
