It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl() handler in rawmidi.c file. A malicious local attacker could possibly use this for privilege escalation.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
debian debian linux 8.0 |
||
debian debian linux 9.0 |
||
canonical ubuntu linux 16.04 |
||
canonical ubuntu linux 14.04 |
||
canonical ubuntu linux 12.04 |
||
canonical ubuntu linux 18.04 |
||
linux linux kernel - |
||
redhat enterprise linux desktop 7.0 |
||
redhat enterprise linux workstation 7.0 |
||
redhat enterprise linux server 7.0 |
||
redhat enterprise linux desktop 6.0 |
||
redhat enterprise linux server 6.0 |
||
redhat enterprise linux workstation 6.0 |
Vulmon