APPLIED: [PATCH 0/4][T] CVE-2018-7566, CVE-2018-1000004: Multiple issues in ALSA
Stefan Bader
stefan.bader at canonical.com
Mon Oct 1 10:12:28 UTC 2018
On 14.09.2018 20:55, Tyler Hicks wrote:
> https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1000004.html
>
> In the Linux kernel 4.12, 3.10, 2.6 and possibly earlier versions a race
> condition vulnerability exists in the sound system, this can lead to a
> deadlock and denial of service condition.
>
> https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-7566.html
>
> The Linux kernel 4.15 has a Buffer Overflow via an
> SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq
> by a local user.
>
> I've tested these changes by ensuring that audio still works in a
> desktop VM. These issues only affect Trusty.
>
> Tyler
>
>
Applied to trusty/master-next. Thanks.
-Stefan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20181001/588005b6/attachment.sig>
More information about the kernel-team
mailing list