CLD-179 Details

Other IDs this deficiency may be known by:

CVE ID CVE-2017-0861 (nvd) (mitre) (debian) (archlinux) (red hat) (suse) (ubuntu)
Other ID(s)

Basic Information:

Affected Package(s) linux
Deficiency Type SECURITY
Date Created 2017-12-14 13:20:29
Date Last Modified 2017-12-14 15:30:12

Version Specific Information:

Cucumber 1.0 i686 fixed in linux-4.9.69-i686-1
Cucumber 1.0 x86_64 fixed in linux-4.9.69-x86_64-1

Cucumber 1.1 i686 fixed in linux-4.9.69-i686-1
Cucumber 1.1 x86_64 fixed in linux-4.9.69-x86_64-1

Details:

=================================== Overview ===================================

From https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0861:

Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem
in the Linux kernel allows attackers to gain privileges via unspecified
vectors.

================================ Initial Report ================================

From Kernel.org (https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.69):

When the device descriptor is closed, the `substream->runtime` pointer is
freed. But another thread may be in the ioctl handler, case
SNDRV_CTL_IOCTL_PCM_INFO. This case calls snd_pcm_info_user() which calls
snd_pcm_info() which accesses the now freed `substream->runtime`.

================================= Our Analysis =================================

----- Affected Products -----
Versions of the 4.9 Linux kernel series prior to 4.9.69 are vulnerable to this.

----- Scope and Impact of this Vulnerability -----
It has been claimed that this vulnerability can result in privilege escalation.

----- Fix for this Vulnerability -----
This vulnerability can be fixed by upgrading to Linux 4.9.69 or applying the
commit 362bca57f5d78220f8b5907b875961af9436e229.
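The close-versus-ioctl race from the Initial Report, and the serialisation a fix of this shape relies on, as a user-space model added here for illustration (this is not the kernel's code and not part of the advisory). It assumes that the close path and the PCM_INFO ioctl path must both hold one per-pcm mutex, standing in for the kernel's pcm->open_mutex; the struct names, the hypothetical `lifecycle_check` driver and the -ENXIO return for a closed stream are the model's own choices.

```c
#include <errno.h>
#include <pthread.h>
#include <stdlib.h>
/* User-space model of the objects involved; not kernel code. */
struct pcm_runtime { unsigned int rate; };
struct pcm_substream {
    struct pcm_runtime *runtime;  /* freed on close, NULL afterwards */
    pthread_mutex_t open_mutex;   /* stands in for pcm->open_mutex (assumed) */
};

void substream_open(struct pcm_substream *s, unsigned int rate) {
    pthread_mutex_init(&s->open_mutex, NULL);
    s->runtime = calloc(1, sizeof(*s->runtime));
    s->runtime->rate = rate;
}

/* Close path: runtime is freed and cleared while open_mutex is held. */
void substream_release(struct pcm_substream *s) {
    pthread_mutex_lock(&s->open_mutex);
    free(s->runtime);
    s->runtime = NULL;
    pthread_mutex_unlock(&s->open_mutex);
}
/* Vulnerable shape: close can run between loading the pointer and
 * dereferencing it, so the NULL check alone does not prevent the UAF. */
int pcm_info_unlocked(struct pcm_substream *s, unsigned int *rate_out) {
    struct pcm_runtime *rt = s->runtime;
    if (!rt)
        return -ENXIO;  /* model's choice for "stream is closed" */
    *rate_out = rt->rate;
    return 0;
}

/* Hardened shape: hold the same mutex as close for the whole read. */
int pcm_info_locked(struct pcm_substream *s, unsigned int *rate_out) {
    pthread_mutex_lock(&s->open_mutex);
    int err = pcm_info_unlocked(s, rate_out);
    pthread_mutex_unlock(&s->open_mutex);
    return err;
}
/* Hypothetical driver: open -> info -> close -> info; returns 0 if the
 * hardened path reports the live rate while open and -ENXIO once closed. */
int lifecycle_check(void) {
    struct pcm_substream s;
    unsigned int rate = 0;
    substream_open(&s, 48000);
    if (pcm_info_locked(&s, &rate) != 0 || rate != 48000)
        return 1;
    substream_release(&s);
    return pcm_info_locked(&s, &rate) == -ENXIO ? 0 : 2;
}
```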

================================= Our Solution =================================
We have upgraded to Linux 4.9.69.