[PATCH 0/4][T] CVE-2018-7566, CVE-2018-1000004: Multiple issues in ALSA

Tyler Hicks tyhicks at canonical.com
Fri Sep 14 18:55:34 UTC 2018


https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1000004.html

 In the Linux kernel 4.12, 3.10, 2.6 and possibly earlier versions a race
 condition vulnerability exists in the sound system, this can lead to a
 deadlock and denial of service condition.

https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-7566.html

 The Linux kernel 4.15 has a Buffer Overflow via an
 SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq
 by a local user.

I've tested these changes by ensuring that audio still works in a
desktop VM. These issues only affect Trusty.

Tyler




