Vulmon Recent Vulnerabilities Product List Research Posts Trends Blog About Contact

CVE-2017-15265

Related Vulnerabilities: CVE-2017-15265  

A use-after-free vulnerability was found when issuing an ioctl to a sound device. This could allow a user to exploit a race condition and create memory corruption or possibly privilege escalation.

Source
A use-after-free vulnerability was found when issuing an ioctl to a sound device. This could allow a user to exploit a race condition and create memory corruption or possibly privilege escalation.

Find out more about CVE-2017-15265 from the MITRE CVE dictionary dictionary and NIST NVD.

Statement

This issue affects the Linux kernel packages as shipped with Red Hat
Enterprise Linux 5,6, 7, realtime and MRG-2.

Red Hat Enterprise Linux 5 has transitioned to Production phase 3.
During the Production 3 Phase, Critical impact Security Advisories (RHSAs)
and selected Urgent Priority Bug Fix Advisories (RHBAs) may be released
as they become available.

The official life cycle policy can be reviewed here:

http://redhat.com/rhel/lifecycle

Future Linux kernel updates for the respective releases may address this issue.

CVSS v3 metrics

CVSS3 Base Score 5.5
CVSS3 Base Metrics CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity Impact None
Availability Impact High

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux 7 (kernel) RHSA-2018:1062 2018-04-10
Red Hat Enterprise Linux Long Life (v. 5.9 server) (kernel) RHSA-2018:3823 2018-12-13
Red Hat Enterprise Linux 6 (kernel) RHSA-2018:2390 2018-08-14
Red Hat Enterprise Linux Server (v. 5 ELS) (kernel) RHSA-2018:3822 2018-12-13
Red Hat Enterprise Linux for Real Time for NFV (v. 7) (kernel-rt) RHSA-2018:0676 2018-04-10
Red Hat MRG Grid for RHEL 6 Server v.2 (kernel-rt) RHSA-2018:1170 2018-04-17
Red Hat Enterprise Linux Extended Update Support 7.4 (kernel) RHSA-2018:1130 2018-04-17

Affected Packages State

Platform Package State
Red Hat Enterprise Linux 7 kernel-alt Will not fix

Mitigation

It is possible to prevent the affected code from being loaded by blacklisting the kernel module snd_seq. Instructions relating to how to blacklist a kernel module are shown here: https://access.redhat.com/solutions/41278

Alternatively a custom permission set can be created by udev, the correct permissions will depend on your use case. Please contact Red Hat customer support for creating a rule set that can minimize flaw exposure.

This page is generated automatically and has not been checked for errors or omissions.

For clarification or corrections please contact Red Hat Product Security.

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Product List Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started