Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7
CVSSv3

CVE-2017-15265

Published: 16/10/2017 Updated: 21/06/2023
CVSS v2 Base Score: 6.9 | Impact Score: 10 | Exploitability Score: 3.4
CVSS v3 Base Score: 7 | Impact Score: 5.9 | Exploitability Score: 1
VMScore: 614
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Subscribe to Linux Kernel

Vulnerability Summary

Race condition in the ALSA subsystem in the Linux kernel prior to 4.13.8 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted /dev/snd/seq ioctl calls, related to sound/core/seq/seq_clientmgr.c and sound/core/seq/seq_ports.c.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

linux linux kernel

Vendor Advisories

Red Hat: Moderate: kernel security and bug fix update
Synopsis Moderate: kernel security and bug fix update Type/Severity Security Advisory: Moderate Topic An update for kernel is now available for Red Hat Enterprise Linux 59 Long LifeRed Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System ...
Red Hat: Important: kernel-rt security, bug fix, and enhancement update
Synopsis Important: kernel-rt security, bug fix, and enhancement update Type/Severity Security Advisory: Important Topic An update for kernel-rt is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Sco ...
Red Hat: Important: kernel-rt security and bug fix update
Synopsis Important: kernel-rt security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel-rt is now available for Red Hat Enterprise MRG 2Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVS ...
Red Hat: Important: kernel security and bug fix update
Synopsis Important: kernel security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 74 Extended Update SupportRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerabili ...
Red Hat: Important: kernel security, bug fix, and enhancement update
Synopsis Important: kernel security, bug fix, and enhancement update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring S ...
Red Hat: Important: kernel security and bug fix update
Synopsis Important: kernel security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 5 Extended Lifecycle SupportRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerabil ...
Red Hat: Important: kernel security and bug fix update
Synopsis Important: kernel security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) b ...
Ubuntu Security Notice: linux vulnerabilities
Several security issues were fixed in the Linux kernel ...
Ubuntu Security Notice: linux, linux-aws, linux-gke, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities
Several security issues were fixed in the Linux kernel ...
Ubuntu Security Notice: linux-lts-xenial vulnerabilities
Several security issues were fixed in the Linux kernel ...
Ubuntu Security Notice: linux-lts-trusty vulnerabilities
Several security issues were fixed in the Linux kernel ...
Ubuntu Security Notice: linux-aws vulnerabilities
Several security issues were fixed in the Linux kernel ...
Ubuntu Security Notice: linux, linux-raspi2 vulnerabilities
Several security issues were fixed in the Linux kernel ...
Red Hat: CVE-2017-15265
A use-after-free vulnerability was found when issuing an ioctl to a sound device This could allow a user to exploit a race condition and create memory corruption or possibly privilege escalation ...
Arch Linux Issues:
Race condition in the ALSA subsystem in the Linux kernel before 4138 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted /dev/snd/seq ioctl calls, related to sound/core/seq/seq_clientmgrc and sound/core/seq/seq_portsc ...

Recent Articles

Sounds painful: Audio code bug lets users, apps get root on Linux
The Register • Richard Chirgwin • 15 Oct 2017

Cisco discusses Advanced Linux Sound Architecture mess before formal CVE release

An advisory from Cisco issued last Friday, October 13th gave us the heads-up on a local privilege escalation vulnerability in the Advanced Linux Sound Architecture (ALSA). The bug is designated CVE-2017-15265, but its Mitre entry was still marked “reserved” at the time of writing. Cisco, however, had this to say about it before release: “The vulnerability is due to a use-after-free memory error in the ALSA sequencer interface of the affected application. An attacker could exploit this vuln...

Read more...

References

CWE-362CWE-416https://bugzilla.suse.com/show_bug.cgi?id=1062520http://www.openwall.com/lists/oss-security/2017/10/11/3http://mailman.alsa-project.org/pipermail/alsa-devel/2017-October/126292.htmlhttp://www.securitytracker.com/id/1039561http://www.securityfocus.com/bid/101288https://github.com/torvalds/linux/commit/71105998845fb012937332fe2e806d443c09e026http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.8http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=71105998845fb012937332fe2e806d443c09e026https://lists.debian.org/debian-lts-announce/2017/12/msg00004.htmlhttps://source.android.com/security/bulletin/2018-02-01https://access.redhat.com/errata/RHSA-2018:1062https://access.redhat.com/errata/RHSA-2018:0676https://access.redhat.com/errata/RHSA-2018:1170https://access.redhat.com/errata/RHSA-2018:1130https://usn.ubuntu.com/3698-2/https://usn.ubuntu.com/3698-1/https://access.redhat.com/errata/RHSA-2018:2390https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0https://access.redhat.com/errata/RHSA-2018:3823https://access.redhat.com/errata/RHSA-2018:3822https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlhttps://www.oracle.com/security-alerts/cpujul2020.htmlhttps://nvd.nist.govhttps://access.redhat.com/errata/RHSA-2018:3823https://usn.ubuntu.com/3698-1/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereferenceCVE-2023-52689CVE-2024-23803client sideCVE-2023-52696information disclosureCVE-2024-35843CVE-2024-27130CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook