Bug 1311568 (CVE-2016-2548) - CVE-2016-2548 kernel: sound: linked lists of slave instances not unlinked immediately
Status: CLOSED DUPLICATE of bug 1311566
Alias: CVE-2016-2548
Product: Security Response
Classification: Other
Component: vulnerability   
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Assignee: Red Hat Product Security
Whiteboard: impact=moderate,public=20160119,repor...
Keywords: Security
Depends On: 1311573
Blocks: 1311575
Reported: 2016-02-24 13:31 UTC by Andrej Nemec
Modified: 2016-03-11 17:55 UTC

Doc Type: Bug Fix
Last Closed: 2016-03-11 17:55:26 UTC

Description Andrej Nemec 2016-02-24 13:31:04 UTC
Some linked lists (active_list and ack_list) of slave instances
aren't unlinked immediately at stopping or closing, and this may lead
to unexpected accesses.

Upstream patch:

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b5a663aa426f4884c71cd8580adae73f33570f0d

External references:

http://seclists.org/oss-sec/2016/q1/133

Comment 1 Josh Boyer 2016-02-24 14:03:58 UTC
This is an identical fix to bug 1311566

This was fixed in 4.3.5 with:

commit ea7f3d59628930dc29482a292e2a55c81cac52a4
Author: Takashi Iwai <tiwai@suse.de>
Date:   Thu Jan 14 16:30:58 2016 +0100

    ALSA: timer: Harden slave timer list handling
    
    commit b5a663aa426f4884c71cd8580adae73f33570f0d upstream.
    

and in 4.4.1 with:

commit 8eff3aa0a9bbb593dce0ec0344ec1961318e44c8
Author: Takashi Iwai <tiwai@suse.de>
Date:   Thu Jan 14 16:30:58 2016 +0100

    ALSA: timer: Harden slave timer list handling
    
    commit b5a663aa426f4884c71cd8580adae73f33570f0d upstream.

All Fedora branches are on those or newer.  This issue is fixed in Fedora.

Comment 2 Vladis Dronov 2016-03-11 17:55:26 UTC

*** This bug has been marked as a duplicate of bug 1311566 ***

