CVE-2017-15265

high

Description

Race condition in the ALSA subsystem in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted /dev/snd/seq ioctl calls, related to sound/core/seq/seq_clientmgr.c and sound/core/seq/seq_ports.c.

References

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=71105998845fb012937332fe2e806d443c09e026

http://mailman.alsa-project.org/pipermail/alsa-devel/2017-October/126292.html

http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.8

http://www.openwall.com/lists/oss-security/2017/10/11/3

http://www.securityfocus.com/bid/101288

http://www.securitytracker.com/id/1039561

https://access.redhat.com/errata/RHSA-2018:0676

https://access.redhat.com/errata/RHSA-2018:1062

https://access.redhat.com/errata/RHSA-2018:1130

https://access.redhat.com/errata/RHSA-2018:1170

https://access.redhat.com/errata/RHSA-2018:2390

https://access.redhat.com/errata/RHSA-2018:3822

https://access.redhat.com/errata/RHSA-2018:3823

https://bugzilla.suse.com/show_bug.cgi?id=1062520

https://github.com/torvalds/linux/commit/71105998845fb012937332fe2e806d443c09e026

https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0

https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html

https://source.android.com/security/bulletin/2018-02-01

https://usn.ubuntu.com/3698-1/

https://usn.ubuntu.com/3698-2/

https://www.oracle.com/security-alerts/cpujul2020.html

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

Details

Source: MITRE

Published: 2017-10-16

Updated: 2020-07-15

Type: CWE-362

Risk Information

CVSS v2

Base Score: 6.9

Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 3.4

Severity: MEDIUM

CVSS v3

Base Score: 7

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 1

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions up to 4.13.7 (inclusive)

Tenable Plugins

View all (41 total)

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 127425 | NewStart CGSL MAIN 4.05 : kernel Multiple Vulnerabilities (NS-SA-2019-0152) | Nessus | NewStart CGSL Local Security Checks | high |
| 127281 | NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel-rt Multiple Vulnerabilities (NS-SA-2019-0074) | Nessus | NewStart CGSL Local Security Checks | critical |
| 127272 | NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2019-0070) | Nessus | NewStart CGSL Local Security Checks | critical |
| 124981 | EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1528) | Nessus | Huawei Local Security Checks | high |
| 124822 | EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1499) | Nessus | Huawei Local Security Checks | medium |
| 121754 | Photon OS 2.0: Linux PHSA-2017-0043 | Nessus | PhotonOS Local Security Checks | high |
| 121752 | Photon OS 1.0: Linux PHSA-2017-0042 | Nessus | PhotonOS Local Security Checks | high |
| 121068 | Juniper Junos Space 18.4.x < 18.4R1 Multiple Vulnerabilities (JSA10917) | Nessus | Junos Local Security Checks | high |
| 111892 | Photon OS 2.0: Linux PHSA-2017-0043 (deprecated) | Nessus | PhotonOS Local Security Checks | high |
| 111891 | Photon OS 1.0: Linux / Openssl PHSA-2017-0042 (deprecated) | Nessus | PhotonOS Local Security Checks | high |
| 111777 | Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20180814) (Foreshadow) | Nessus | Scientific Linux Local Security Checks | high |
| 111731 | RHEL 6 : kernel (RHSA-2018:2390) (Foreshadow) | Nessus | Red Hat Local Security Checks | high |
| 111724 | Oracle Linux 6 : kernel (ELSA-2018-2390) | Nessus | Oracle Linux Local Security Checks | high |
| 111704 | CentOS 6 : kernel (CESA-2018:2390) (Foreshadow) | Nessus | CentOS Local Security Checks | high |
| 110900 | Ubuntu 14.04 LTS : linux vulnerabilities (USN-3698-1) | Nessus | Ubuntu Local Security Checks | high |
| 109449 | Scientific Linux Security Update : kernel on SL7.x x86_64 (20180410) (Meltdown) | Nessus | Scientific Linux Local Security Checks | critical |
| 109380 | CentOS 7 : kernel (CESA-2018:1062) | Nessus | CentOS Local Security Checks | critical |
| 109335 | RHEL 6 : MRG (RHSA-2018:1170) | Nessus | Red Hat Local Security Checks | critical |
| 109116 | RHEL 7 : kernel (RHSA-2018:1130) | Nessus | Red Hat Local Security Checks | critical |
| 109113 | Oracle Linux 7 : kernel (ELSA-2018-1062) | Nessus | Oracle Linux Local Security Checks | critical |
| 108997 | RHEL 7 : kernel (RHSA-2018:1062) | Nessus | Red Hat Local Security Checks | critical |
| 108984 | RHEL 7 : kernel-rt (RHSA-2018:0676) | Nessus | Red Hat Local Security Checks | critical |
| 105948 | Fedora 27 : kernel (2017-aa9927961f) | Nessus | Fedora Local Security Checks | high |
| 105685 | SUSE SLES11 Security Update : kernel (SUSE-SU-2018:0040-1) (BlueBorne) (KRACK) (Meltdown) (Spectre) | Nessus | SuSE Local Security Checks | high |
| 105461 | SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2017:3410-1) | Nessus | SuSE Local Security Checks | high |
| 105172 | SUSE SLES11 Security Update : kernel (SUSE-SU-2017:3265-1) (KRACK) | Nessus | SuSE Local Security Checks | critical |
| 105116 | Debian DLA-1200-1 : linux security update (KRACK) | Nessus | Debian Local Security Checks | high |
| 104737 | Ubuntu 17.10 : linux, linux-raspi2 vulnerabilities (USN-3487-1) | Nessus | Ubuntu Local Security Checks | high |
| 104735 | Ubuntu 14.04 LTS : linux-aws vulnerabilities (USN-3485-3) | Nessus | Ubuntu Local Security Checks | high |
| 104719 | Virtuozzo 6 : parallels-server-bm-release / vzkernel / etc (VZA-2017-107) | Nessus | Virtuozzo Local Security Checks | high |
| 104717 | Ubuntu 14.04 LTS : linux-lts-xenial vulnerabilities (USN-3485-2) | Nessus | Ubuntu Local Security Checks | high |
| 104716 | Ubuntu 16.04 LTS : linux, linux-aws, linux-gke, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities (USN-3485-1) | Nessus | Ubuntu Local Security Checks | high |
| 104463 | EulerOS 2.0 SP2 : kernel (EulerOS-SA-2017-1282) | Nessus | Huawei Local Security Checks | high |
| 104374 | SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2920-1) (KRACK) (Stack Clash) | Nessus | SuSE Local Security Checks | critical |
| 104296 | EulerOS 2.0 SP1 : kernel (EulerOS-SA-2017-1271) | Nessus | Huawei Local Security Checks | high |
| 104271 | SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2908-1) (KRACK) (Stack Clash) | Nessus | SuSE Local Security Checks | critical |
| 104246 | openSUSE Security Update : the Linux Kernel (openSUSE-2017-1224) (KRACK) | Nessus | SuSE Local Security Checks | high |
| 104171 | SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2017:2847-1) (KRACK) | Nessus | SuSE Local Security Checks | high |
| 104166 | openSUSE Security Update : the Linux Kernel (openSUSE-2017-1194) (KRACK) | Nessus | SuSE Local Security Checks | high |
| 104160 | Fedora 25 : kernel (2017-cafcdbdde5) | Nessus | Fedora Local Security Checks | high |
| 104158 | Fedora 26 : kernel (2017-c110ac0eb1) | Nessus | Fedora Local Security Checks | high |