Vulnerability CVE-2017-15265: Information

Description

Race condition in the ALSA subsystem in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted /dev/snd/seq ioctl calls, related to sound/core/seq/seq_clientmgr.c and sound/core/seq/seq_ports.c.

Severity: HIGH (7.0) Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2017-15265
Published: Oct. 16, 2017
Modified: June 21, 2023
Error type identifier: CWE-362CWE-416

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
kernel-image-std-defsisyphus4.9.56-alt1.16.1.91-alt1ALT-PU-2017-2451-1190943Fixed
kernel-image-std-defp104.9.56-alt1.15.10.216-alt1ALT-PU-2017-2451-1190943Fixed
kernel-image-std-defp94.9.56-alt1.15.4.275-alt1ALT-PU-2017-2451-1190943Fixed
kernel-image-std-defp84.9.56-alt0.M80P.1.14.9.337-alt0.M80P.1ALT-PU-2017-2461-1191000Fixed
kernel-image-std-defc9f24.9.56-alt1.15.10.214-alt0.c9f.2ALT-PU-2017-2451-1190943Fixed
kernel-image-std-defc73.14.59-alt1.M70C.104.4.277-alt0.M70C.1ALT-PU-2017-2462-1190965Fixed
kernel-image-std-paep84.4.93-alt0.M80P.1.14.4.159-alt0.M80P.1ALT-PU-2017-2476-1191158Fixed
kernel-image-std-paec9f24.4.92-alt1.14.19.72-alt1ALT-PU-2017-2459-1190973Fixed
kernel-image-un-defsisyphus4.13.7-alt1.16.6.31-alt1ALT-PU-2017-2458-1190944Fixed
kernel-image-un-defp104.13.7-alt1.16.1.85-alt1ALT-PU-2017-2458-1190944Fixed
kernel-image-un-defp94.13.7-alt1.15.10.216-alt2ALT-PU-2017-2458-1190944Fixed
kernel-image-un-defp84.9.56-alt0.M80P.1.14.19.310-alt0.M80P.1ALT-PU-2017-2460-1190953Fixed
kernel-image-un-defc10f14.13.7-alt1.16.1.85-alt0.c10f.1ALT-PU-2017-2458-1190944Fixed
kernel-image-un-defc9f24.13.7-alt1.15.10.29-alt2ALT-PU-2017-2458-1190944Fixed
kernel-image-un-defc74.4.92-alt0.M70C.1.14.9.277-alt0.M70C.1ALT-PU-2017-2463-1190979Fixed
usbipsisyphus5.10-alt15.10-alt1ALT-PU-2023-1798-1320453Fixed
usbipsisyphus_e2k5.10-alt15.10-alt1ALT-PU-2023-7452-1-Fixed
usbipp105.10-alt15.10-alt1ALT-PU-2023-1903-1320461Fixed
usbipp10_e2k5.10-alt15.10-alt1ALT-PU-2023-7498-1-Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://bugzilla.suse.com/show_bug.cgi?id=1062520
  • Issue Tracking
  • Patch
  • Third Party Advisory
[oss-security] 20171011 Linux kernel: alsa: use-after-free in /dev/snd/seq CVE-2017-15265
  • Mailing List
  • Patch
  • Third Party Advisory
[alsa-devel] 20171011 [PATCH] ALSA: seq: Fix use-after-free at creating a port
  • Mailing List
  • Patch
  • Third Party Advisory
1039561
  • Third Party Advisory
  • VDB Entry
101288
  • Third Party Advisory
  • VDB Entry
https://github.com/torvalds/linux/commit/71105998845fb012937332fe2e806d443c09e026
  • Issue Tracking
  • Patch
  • Third Party Advisory
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.8
  • Release Notes
  • Vendor Advisory
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=71105998845fb012937332fe2e806d443c09e026
  • Issue Tracking
  • Patch
  • Vendor Advisory
[debian-lts-announce] 20171210 [SECURITY] [DLA 1200-1] linux security update
  • Mailing List
  • Third Party Advisory
https://source.android.com/security/bulletin/2018-02-01
  • Third Party Advisory
RHSA-2018:1062
  • Third Party Advisory
RHSA-2018:0676
  • Third Party Advisory
RHSA-2018:1170
  • Third Party Advisory
RHSA-2018:1130
  • Third Party Advisory
USN-3698-2
  • Third Party Advisory
USN-3698-1
  • Third Party Advisory
RHSA-2018:2390
  • Third Party Advisory
https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
  • Third Party Advisory
RHSA-2018:3823
  • Third Party Advisory
RHSA-2018:3822
  • Third Party Advisory
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
  • Patch
  • Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2020.html
  • Third Party Advisory

    1. Configuration 1

      cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
      Start including
      3.3
      End excliding
      3.10.108
      cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
      End excliding
      3.2.95
      cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
      Start including
      3.19
      End excliding
      4.1.46
      cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
      Start including
      3.11
      End excliding
      3.16.50
      cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
      Start including
      3.17
      End excliding
      3.18.76
      cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
      Start including
      4.2
      End excliding
      4.4.93
      cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
      Start including
      4.5
      End excliding
      4.9.57
      cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
      Start including
      4.10
      End excliding
      4.13.8
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: v24.5.1
Back to top