ACK: [PATCH 0/4][T] CVE-2018-7566, CVE-2018-1000004: Multiple issues in ALSA
Kleber Souza
kleber.souza at canonical.com
Fri Sep 28 10:21:08 UTC 2018
On 09/14/18 20:55, Tyler Hicks wrote:
> https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1000004.html
>
> In the Linux kernel 4.12, 3.10, 2.6 and possibly earlier versions a race
> condition vulnerability exists in the sound system, this can lead to a
> deadlock and denial of service condition.
>
> https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-7566.html
>
> The Linux kernel 4.15 has a Buffer Overflow via an
> SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq
> by a local user.
>
> I've tested these changes by ensuring that audio still works in a
> desktop VM. These issues only affect Trusty.
>
> Tyler
>
>
Acked-by: Kleber Sacilotto de Souza <kleber.souza at canonical.com>
More information about the kernel-team
mailing list