CVE-2018-7566

MEDIUM

Description

The Linux kernel 4.15 has a Buffer Overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user.

References

http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00067.html

http://mailman.alsa-project.org/pipermail/alsa-devel/2018-February/132026.html

http://www.securityfocus.com/bid/103605

https://access.redhat.com/errata/RHSA-2018:2384

https://access.redhat.com/errata/RHSA-2018:2390

https://access.redhat.com/errata/RHSA-2018:2395

https://access.redhat.com/errata/RHSA-2018:2948

https://access.redhat.com/errata/RHSA-2019:1483

https://access.redhat.com/errata/RHSA-2019:1487

https://bugzilla.redhat.com/show_bug.cgi?id=1550142

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d15d662e89fc667b90cd294b0eb45694e33144da

https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0

https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html

https://usn.ubuntu.com/3631-1/

https://usn.ubuntu.com/3631-2/

https://usn.ubuntu.com/3798-1/

https://usn.ubuntu.com/3798-2/

https://www.debian.org/security/2018/dsa-4187

https://www.debian.org/security/2018/dsa-4188

https://www.oracle.com/security-alerts/cpujul2020.html

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

Details

Source: MITRE

Published: 2018-03-30

Updated: 2020-08-24

Type: CWE-362

Risk Information

CVSS v2.0

Base Score: 4.6

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 3.9

Severity: MEDIUM

CVSS v3.0

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 1.8

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:linux:linux_kernel:4.15:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:a:suse:linux_enterprise_module_for_public_cloud:12:*:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_server:12:*:*:*:ltss:*:*:*

Configuration 3

OR

cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*

Configuration 4

OR

cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 5

OR

cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Configuration 6

OR

cpe:2.3:a:oracle:communications_eagle_application_processor:16.1.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:communications_eagle_application_processor:16.2.0:*:*:*:*:*:*:*

Tenable Plugins

View all (74 total)

IDNameProductFamilySeverity
127425NewStart CGSL MAIN 4.05 : kernel Multiple Vulnerabilities (NS-SA-2019-0152)NessusNewStart CGSL Local Security Checks
high
127281NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel-rt Multiple Vulnerabilities (NS-SA-2019-0074)NessusNewStart CGSL Local Security Checks
critical
127272NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2019-0070)NessusNewStart CGSL Local Security Checks
critical
126057RHEL 6 : MRG (RHSA-2019:1487) (SACK Panic) (SACK Slowness)NessusRed Hat Local Security Checks
medium
125971RHEL 7 : kernel (RHSA-2019:1483) (SACK Panic) (SACK Slowness)NessusRed Hat Local Security Checks
medium
124991EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1538)NessusHuawei Local Security Checks
high
121068Juniper Junos Space 18.4.x < 18.4R1 Multiple Vulnerabilities (JSA10917)NessusJunos Local Security Checks
high
119567Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2018-4301)NessusOracle Linux Local Security Checks
high
118513RHEL 7 : kernel-alt (RHSA-2018:2948) (Spectre)NessusRed Hat Local Security Checks
high
118329Ubuntu 14.04 LTS : Linux kernel vulnerabilities (USN-3798-1)NessusUbuntu Local Security Checks
high
118107Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2018-4250)NessusOracle Linux Local Security Checks
high
117740EulerOS 2.0 SP2 : kernel (EulerOS-SA-2018-1296)NessusHuawei Local Security Checks
high
117569EulerOS Virtualization 2.5.0 : kernel (EulerOS-SA-2018-1260)NessusHuawei Local Security Checks
high
117446Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4211)NessusOracle Linux Local Security Checks
high
112206Virtuozzo 7 : OVMF / crit / criu / criu-devel / ksm-vz / etc (VZA-2018-063)NessusVirtuozzo Local Security Checks
high
112018Virtuozzo 6 : cpupools / cpupools-features / etc (VZA-2018-055)NessusVirtuozzo Local Security Checks
high
111993Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4200)NessusOracle Linux Local Security Checks
medium
111778Scientific Linux Security Update : kernel on SL7.x x86_64 (20180814) (Foreshadow)NessusScientific Linux Local Security Checks
high
111777Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20180814) (Foreshadow)NessusScientific Linux Local Security Checks
high
111736RHEL 7 : kernel-rt (RHSA-2018:2395) (Foreshadow)NessusRed Hat Local Security Checks
high
111731RHEL 6 : kernel (RHSA-2018:2390) (Foreshadow)NessusRed Hat Local Security Checks
high
111727RHEL 7 : kernel (RHSA-2018:2384) (Foreshadow)NessusRed Hat Local Security Checks
high
111724Oracle Linux 6 : kernel (ELSA-2018-2390) (Foreshadow)NessusOracle Linux Local Security Checks
high
111723Oracle Linux 7 : kernel (ELSA-2018-2384) (Foreshadow)NessusOracle Linux Local Security Checks
high
111704CentOS 6 : kernel (CESA-2018:2390) (Foreshadow)NessusCentOS Local Security Checks
high
111703CentOS 7 : kernel (CESA-2018:2384) (Foreshadow)NessusCentOS Local Security Checks
high
110136EulerOS 2.0 SP1 : kernel (EulerOS-SA-2018-1132)NessusHuawei Local Security Checks
high
109646SUSE SLES11 Security Update : kernel (SUSE-SU-2018:1172-1)NessusSuSE Local Security Checks
high
109531Debian DLA-1369-1 : linux security update (Spectre)NessusDebian Local Security Checks
critical
109518Debian DSA-4188-1 : linux - security update (Spectre)NessusDebian Local Security Checks
high
109517Debian DSA-4187-1 : linux - security update (Spectre)NessusDebian Local Security Checks
critical
109360SUSE SLES11 Security Update : kernel (SUSE-SU-2018:1080-1) (Spectre)NessusSuSE Local Security Checks
high
109315Ubuntu 14.04 LTS : Linux kernel (Xenial HWE) vulnerabilities (USN-3631-2)NessusUbuntu Local Security Checks
high
109314Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-3631-1)NessusUbuntu Local Security Checks
high
109277SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1035-1)NessusSuSE Local Security Checks
medium
109276SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1034-1)NessusSuSE Local Security Checks
high
109275SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1033-1)NessusSuSE Local Security Checks
high
109274SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1032-1)NessusSuSE Local Security Checks
high
109273SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1031-1)NessusSuSE Local Security Checks
high
109272SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1030-1)NessusSuSE Local Security Checks
high
109271SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1029-1)NessusSuSE Local Security Checks
high
109270SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1026-1)NessusSuSE Local Security Checks
high
109269SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1025-1)NessusSuSE Local Security Checks
high
109268SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1023-1)NessusSuSE Local Security Checks
high
109267SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1021-1)NessusSuSE Local Security Checks
high
109266SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1019-1)NessusSuSE Local Security Checks
high
109265SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1018-1)NessusSuSE Local Security Checks
high
109264SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1016-1)NessusSuSE Local Security Checks
high
109263SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1015-1)NessusSuSE Local Security Checks
high
109262SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1014-1)NessusSuSE Local Security Checks
high
109261SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1012-1)NessusSuSE Local Security Checks
high
109260SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1011-1)NessusSuSE Local Security Checks
high
109259SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1010-1)NessusSuSE Local Security Checks
high
109258SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1009-1)NessusSuSE Local Security Checks
high
109257SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1008-1)NessusSuSE Local Security Checks
high
109256SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1007-1)NessusSuSE Local Security Checks
high
109255SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1006-1)NessusSuSE Local Security Checks
high
109254SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1005-1)NessusSuSE Local Security Checks
high
109253SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1004-1)NessusSuSE Local Security Checks
high
109252SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1003-1)NessusSuSE Local Security Checks
high
109251SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1001-1)NessusSuSE Local Security Checks
high
109250SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1000-1)NessusSuSE Local Security Checks
high
109249SUSE SLES12 Security Update : kernel (SUSE-SU-2018:0999-1)NessusSuSE Local Security Checks
high
109248SUSE SLES12 Security Update : kernel (SUSE-SU-2018:0996-1)NessusSuSE Local Security Checks
high
109247SUSE SLES12 Security Update : kernel (SUSE-SU-2018:0995-1)NessusSuSE Local Security Checks
high
109246SUSE SLES12 Security Update : kernel (SUSE-SU-2018:0994-1)NessusSuSE Local Security Checks
high
109245SUSE SLES12 Security Update : kernel (SUSE-SU-2018:0993-1)NessusSuSE Local Security Checks
high
109244SUSE SLES12 Security Update : kernel (SUSE-SU-2018:0992-1)NessusSuSE Local Security Checks
high
109243SUSE SLES12 Security Update : kernel (SUSE-SU-2018:0991-1)NessusSuSE Local Security Checks
medium
109242SUSE SLES12 Security Update : kernel (SUSE-SU-2018:0990-1)NessusSuSE Local Security Checks
high
109241SUSE SLES12 Security Update : kernel (SUSE-SU-2018:0989-1)NessusSuSE Local Security Checks
high
109240SUSE SLES12 Security Update : kernel (SUSE-SU-2018:0988-1)NessusSuSE Local Security Checks
high
108748SUSE SLES12 Security Update : kernel (SUSE-SU-2018:0848-1)NessusSuSE Local Security Checks
critical
108705SUSE SLES12 Security Update : kernel (SUSE-SU-2018:0834-1)NessusSuSE Local Security Checks
critical