CLD-179 Details
Other IDs this deficiency may be known by:
Basic Information:
Affected Package(s) |
linux |
Deficiency Type |
SECURITY |
Date Created |
2017-12-14 13:20:29 |
Date Last Modified |
2017-12-14 15:30:12 |
Version Specific Information:
Cucumber 1.0 i686 | fixed in linux-4.9.69-i686-1 |
Cucumber 1.0 x86_64 | fixed in linux-4.9.69-x86_64-1 |
Cucumber 1.1 i686 |
fixed in linux-4.9.69-i686-1 |
Cucumber 1.1 x86_64 |
fixed in linux-4.9.69-x86_64-1 |
Details:
=================================== Overview ===================================
From https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0861:
e-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem
in the Linux kernel allows attackers to gain privileges via unspecified
vectors.
================================ Initial Report ================================
From Kernel.org (https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.69):
When the device descriptor is closed, the `substream->runtime` pointer is
freed. But another thread may be in the ioctl handler, case
SNDRV_CTL_IOCTL_PCM_INFO. This case calls snd_pcm_info_user() which calls
snd_pcm_info() which accesses the now freed `substream->runtime`.
================================= Our Analysis =================================
----- Affected Products -----
Versions of the 4.9 Linux kernel series prior to 4.9.69 are vulnerable to this.
----- Scope and Impact of this Vulnerability -----
It has been claimed that this vulnerability can result in privilege escalation.
----- Fix for this Vulnerability -----
This vulnerability can be fixed by upgrading to Linux 4.9.69 or applying the
commit 362bca57f5d78220f8b5907b875961af9436e229.
================================= Our Solution =================================
We have upgraded to Linux 4.9.69.