Race condition in the ALSA subsystem in the Linux kernel prior to 4.13.8 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted /dev/snd/seq ioctl calls, related to sound/core/seq/seq_clientmgr.c and sound/core/seq/seq_ports.c.
Vulnerable Product |
---|
linux linux kernel |
Cisco discusses Advanced Linux Sound Architecture mess before formal CVE release
An advisory from Cisco issued last Friday, October 13th gave us the heads-up on a local privilege escalation vulnerability in the Advanced Linux Sound Architecture (ALSA). The bug is designated CVE-2017-15265, but its Mitre entry was still marked “reserved” at the time of writing. Cisco, however, had this to say about it before release: “The vulnerability is due to a use-after-free memory error in the ALSA sequencer interface of the affected application. An attacker could exploit this vuln...