It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl() handler in rawmidi.c file. A malicious local attacker could possibly use this for privilege escalation.
Find out more about CVE-2018-10902 from the MITRE CVE dictionary dictionary and NIST NVD.
This flaw affects all current shipping releases of Red Hat Enterprise Linux. This flaw requires real or emulated midi hardware available in the system. Fixes will be delivered when available.
CVSS3 Base Score | 7.8 |
---|---|
CVSS3 Base Metrics | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Attack Vector | Local |
Attack Complexity | Low |
Privileges Required | Low |
User Interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity Impact | High |
Availability Impact | High |
Platform | Errata | Release Date |
---|---|---|
Red Hat Enterprise Linux for Real Time for NFV (v. 7) (kernel-rt) | RHSA-2018:3096 | 2018-10-30 |
Red Hat Enterprise Linux 7 (kernel) | RHSA-2018:3083 | 2018-10-30 |
Platform | Package | State |
---|---|---|
Red Hat Enterprise MRG 2 | kernel-rt | Affected |
Red Hat Enterprise Linux 7 | kernel-alt | Affected |
Red Hat Enterprise Linux 6 | kernel | Affected |
Red Hat Enterprise Linux 5 | kernel | Will not fix |