[0/4,T] CVE-2018-7566, CVE-2018-1000004: Multiple issues in ALSA

Message ID 1536951338-23022-1-git-send-email-tyhicks@canonical.com

Message

Tyler Hicks Sept. 14, 2018, 6:55 p.m. UTC
https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1000004.html

 In the Linux kernel 4.12, 3.10, 2.6 and possibly earlier versions a race
 condition vulnerability exists in the sound system, this can lead to a
 deadlock and denial of service condition.

https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-7566.html

 The Linux kernel 4.15 has a Buffer Overflow via an
 SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq
 by a local user.

I've tested these changes by ensuring that audio still works in a
desktop VM. These issues only affect Trusty.

Tyler

Comments

Stefan Bader Sept. 27, 2018, 4:44 p.m. UTC | #1
On 14.09.2018 20:55, Tyler Hicks wrote:
> https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1000004.html
> 
>  In the Linux kernel 4.12, 3.10, 2.6 and possibly earlier versions a race
>  condition vulnerability exists in the sound system, this can lead to a
>  deadlock and denial of service condition.
> 
> https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-7566.html
> 
>  The Linux kernel 4.15 has a Buffer Overflow via an
>  SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq
>  by a local user.
> 
> I've tested these changes by ensuring that audio still works in a
> desktop VM. These issues only affect Trusty.
> 
> Tyler
> 
> 
Acked-by: Stefan Bader <stefan.bader@canonical.com>

Kleber Sacilotto de Souza Sept. 28, 2018, 10:21 a.m. UTC | #2
On 09/14/18 20:55, Tyler Hicks wrote:
> https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1000004.html
> 
>  In the Linux kernel 4.12, 3.10, 2.6 and possibly earlier versions a race
>  condition vulnerability exists in the sound system, this can lead to a
>  deadlock and denial of service condition.
> 
> https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-7566.html
> 
>  The Linux kernel 4.15 has a Buffer Overflow via an
>  SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq
>  by a local user.
> 
> I've tested these changes by ensuring that audio still works in a
> desktop VM. These issues only affect Trusty.
> 
> Tyler
> 
> 

Acked-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>

Stefan Bader Oct. 1, 2018, 10:12 a.m. UTC | #3
On 14.09.2018 20:55, Tyler Hicks wrote:
> https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1000004.html
> 
>  In the Linux kernel 4.12, 3.10, 2.6 and possibly earlier versions a race
>  condition vulnerability exists in the sound system, this can lead to a
>  deadlock and denial of service condition.
> 
> https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-7566.html
> 
>  The Linux kernel 4.15 has a Buffer Overflow via an
>  SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq
>  by a local user.
> 
> I've tested these changes by ensuring that audio still works in a
> desktop VM. These issues only affect Trusty.
> 
> Tyler
> 
> 
Applied to trusty/master-next. Thanks.

-Stefan