APPLIED: [PATCH 0/4][T] CVE-2018-7566, CVE-2018-1000004: Multiple issues in ALSA

Stefan Bader stefan.bader at canonical.com
Mon Oct 1 10:12:28 UTC 2018


On 14.09.2018 20:55, Tyler Hicks wrote:
> https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1000004.html
> 
>  In the Linux kernel 4.12, 3.10, 2.6 and possibly earlier versions a race
>  condition vulnerability exists in the sound system, this can lead to a
>  deadlock and denial of service condition.
> 
> https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-7566.html
> 
>  The Linux kernel 4.15 has a Buffer Overflow via an
>  SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq
>  by a local user.
> 
> I've tested these changes by ensuring that audio still works in a
> desktop VM. These issues only affect Trusty.
> 
> Tyler
> 
> 
Applied to trusty/master-next. Thanks.

-Stefan

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20181001/588005b6/attachment.sig>


More information about the kernel-team mailing list