kernel: ALSA: usb-audio: Cancel pending work at closing a MIDI substream

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Cancel pending work at closing a MIDI substream At closing a USB MIDI output substream, there might be still a pending work, which would eventually access the rawmidi runtime object that is being released. For...

A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the system.

...

kernel: Use-after-free in snd_pcm_info function in ALSA subsystem potentially leads to privilege escalation

Use-after-free vulnerability in the sndpcminfo function in the ALSA subsystem in the Linux kernel allows attackers to induce a kernel memory corruption and possibly crash or lock up a system. Due to the nature of the flaw, a privilege escalation cannot be fully ruled out, although we believe it i...

The vulnerability in the implementation of the alsa_seq_dummy_init handler in the Linux operating system allows a hacker to trigger a service failure.

The vulnerability of the alsaseqdummyinit implementation in the sound/core/seq/snd-seq-dummy.ko module of the Linux operating system is related to a memory leak. Exploiting this vulnerability could allow an attacker to cause a system failure by connecting an ALSA sequencer MIDI-through device. Th...

Denial Of Service (DoS)

The kernel packages contain the Linux kernel, the core of any Linux operating system. A NULL pointer dereference flaw was found in the way the Linux kernel's Stream Control Transmission Protocol SCTP implementation handled simultaneous connections between the same hosts. A remote attacker could u...

USN-3798-1: Linux kernel vulnerabilities

Dmitry Vyukov discovered that the key management subsystem in the Linux kernel did not properly restrict adding a key that already exists but is negatively instantiated. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2015-8539 It...

Ubuntu 14.04 LTS : Linux kernel (Xenial HWE) vulnerabilities (USN-3631-2)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3631-2 advisory. USN-3631-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enableme...

The vulnerability of the ALSA/dev/snd/timer driver (sound/core/timer.c) in the Linux operating system allows a hacker to obtain confidential information.

The vulnerability of the ALSA/dev/snd/timer driver sound/core/timer.c in the Linux operating system is related to the disclosure of information during simultaneous data reading and analysis. Exploiting this vulnerability can allow an attacker, operating locally, to obtain confidential information...

USN-3485-3 linux-aws vulnerabilities

It was discovered that a race condition existed in the ALSA subsystem of the Linux kernel when creating and deleting a port via ioctl. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2017-15265 Eric Biggers discovered that the key...

USN-3485-2 linux-lts-xenial vulnerabilities

USN-3485-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that a race condition existed in the ALSA subsystem of the Linux...

Ubuntu 16.04 LTS : Linux kernel (HWE) kernel vulnerabilities (USN-3371-1)

The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3371-1 advisory. It was discovered that the Linux kernel did not properly initialize a Wake- on-Lan data structure. A local attacker could use this to expose sensitive...

Ubuntu 16.04 LTS : Linux kernel (Raspberry Pi 2) vulnerabilities (USN-3169-3)

The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3169-3 advisory. Baozeng Ding discovered a race condition that could lead to a use-after- free in the Advanced Linux Sound Architecture ALSA subsystem of the Linux kernel...

Ubuntu 14.04 LTS : Linux kernel vulnerabilities (USN-3168-1)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3168-1 advisory. Dmitry Vyukov discovered that the KVM implementation in the Linux kernel did not properly initialize the Code Segment CS in certain error cases. A local...

kernel: ALSA: Use-after-free in kill_fasync

A use-after-free vulnerability was found in ALSA pcm layer, which allows local users to cause a denial of service, memory corruption, or possibly other unspecified impact. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely...

Ubuntu 14.04 LTS : Linux kernel (Vivid HWE) vulnerabilities (USN-3020-1)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3020-1 advisory. Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32 bit compatibility...

Ubuntu 14.04 LTS : Linux kernel vulnerabilities (USN-3018-1)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3018-1 advisory. Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32 bit compatibility...

Linux kernel Advanced Linux Sound Architecture framework denial of service vulnerability (CNVD-2016-01978)

Linux kernel is an open source operating system. The Linux kernel's Advanced Linux Sound Architecture framework fails to verify that a FIFO is attached to a client before clearing it, which can be exploited by a local attacker to cause a system hang, resulting in a denial of service attack...

Linux kernel Advanced Linux Sound Architecture Framework Denial of Service Vulnerability

Linux kernel is an open source operating system. A denial of service vulnerability exists in the Linux kernel's Advanced Linux Sound Architecture framework, which can be exploited by a local attacker to cause the system to hang, resulting in a denial of service attack...

USN-2932-1 Linux kernel vulnerabilities | Cloud Foundry

USN-2932-1 Linux kernel vulnerabilities High Vendor Ubuntu Description Ben Hawkes discovered that the Linux netfilter implementation did not correctly perform validation when handling IPTSOSETREPLACE events. A local unprivileged attacker could use this to cause a denial of service system crash or...

Ubuntu 14.04 LTS : Linux kernel (Utopic HWE) vulnerabilities (USN-2931-1)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-2931-1 advisory. Ben Hawkes discovered that the Linux netfilter implementation did not correctly perform validation when handling IPTSOSETREPLACE events. A local...