Published: 17/06/2017 Updated: 06/12/2017

CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9

CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8

VMScore: 189

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

sound/core/timer.c in the Linux kernel prior to 4.11.5 is vulnerable to a data race in the ALSA /dev/snd/timer driver resulting in local users being able to read information belonging to other users, i.e., uninitialized memory contents may be disclosed when a read and an ioctl happen at the same time.

Vulnerable Product	Search on Vulmon	Subscribe to Product
linux linux kernel

Synopsis Moderate: kernel security and bug fix update Type/Severity Security Advisory: Moderate Topic An update for kernel is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base ...

Synopsis Moderate: kernel-rt security and bug fix update Type/Severity Security Advisory: Moderate Topic An update for kernel-rt is now available for Red Hat Enterprise MRG 2Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) ...

Synopsis Moderate: kernel-rt security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic An update for kernel-rt is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scorin ...

Debian Bug report logs - #875881 linux: CVE-2017-1000251 Package: src:linux; Maintainer for src:linux is Debian Kernel Team <debian-kernel@listsdebianorg>; Reported by: Christoph Anton Mitterer <calestyo@scientianet> Date: Fri, 15 Sep 2017 14:42:01 UTC Severity: critical Tags: confirmed, fixed-upstream, security, ...

Several vulnerabilities have been discovered in the Linux kernel that may lead to privilege escalation, denial of service or information leaks CVE-2017-7518 Andy Lutomirski discovered that KVM is prone to an incorrect debug exception (#DB) error occurring while emulating a syscall instruction A process inside a guest can take advanta ...

Several security issues were fixed in the Linux kernel ...

It was found that the timer functionality in the Linux kernel ALSA subsystem is prone to a race condition between read and ioctl system call handlers, resulting in an uninitialized memory disclosure to user space A local user could use this flaw to read information belonging to other users ...

CWE-200 https://github.com/torvalds/linux/commit/d11662f4f798b50d8c8743f433842c3e40fe3378 https://github.com/torvalds/linux/commit/ba3021b2c79b2fa9114f92790a99deb27a65b728 http://www.openwall.com/lists/oss-security/2017/06/12/2 http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.5 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d11662f4f798b50d8c8743f433842c3e40fe3378 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ba3021b2c79b2fa9114f92790a99deb27a65b728 http://www.securityfocus.com/bid/99121 http://www.debian.org/security/2017/dsa-3981 https://access.redhat.com/errata/RHSA-2017:3322 https://access.redhat.com/errata/RHSA-2017:3315 https://access.redhat.com/errata/RHSA-2017:3295 https://source.android.com/security/bulletin/pixel/2017-12-01 https://nvd.nist.gov https://access.redhat.com/errata/RHSA-2017:3315 https://usn.ubuntu.com/3358-1/https://www.debian.org/security/./dsa-3981

Get Started

CVE-2017-1000380

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect