Message ID | 1536951338-23022-1-git-send-email-tyhicks@canonical.com |
---|---|
Headers | show |
Series | CVE-2018-7566, CVE-2018-1000004: Multiple issues in ALSA | expand |
On 14.09.2018 20:55, Tyler Hicks wrote: > https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1000004.html > > In the Linux kernel 4.12, 3.10, 2.6 and possibly earlier versions a race > condition vulnerability exists in the sound system, this can lead to a > deadlock and denial of service condition. > > https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-7566.html > > The Linux kernel 4.15 has a Buffer Overflow via an > SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq > by a local user. > > I've tested these changes by ensuring that audio still works in a > desktop VM. These issues only affect Trusty. > > Tyler > > Acked-by: Stefan Bader <stefan.bader@canonical.com>
On 09/14/18 20:55, Tyler Hicks wrote: > https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1000004.html > > In the Linux kernel 4.12, 3.10, 2.6 and possibly earlier versions a race > condition vulnerability exists in the sound system, this can lead to a > deadlock and denial of service condition. > > https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-7566.html > > The Linux kernel 4.15 has a Buffer Overflow via an > SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq > by a local user. > > I've tested these changes by ensuring that audio still works in a > desktop VM. These issues only affect Trusty. > > Tyler > > Acked-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
On 14.09.2018 20:55, Tyler Hicks wrote: > https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1000004.html > > In the Linux kernel 4.12, 3.10, 2.6 and possibly earlier versions a race > condition vulnerability exists in the sound system, this can lead to a > deadlock and denial of service condition. > > https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-7566.html > > The Linux kernel 4.15 has a Buffer Overflow via an > SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq > by a local user. > > I've tested these changes by ensuring that audio still works in a > desktop VM. These issues only affect Trusty. > > Tyler > > Applied to trusty/master-next. Thanks. -Stefan