CVE-2018-7566
kernel: race condition in snd_seq_write() may lead to UAF or OOB-access
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The Linux kernel 4.15 has a Buffer Overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user.
El kernel de Linux 4.15 tiene un desbordamiento de búfer mediante una operación de escritura ioctl SNDRV_SEQ_IOCTL_SET_CLIENT_POOL en /dev/snd/seq por un usuario local.
ALSA sequencer core initializes the event pool on demand by invoking snd_seq_pool_init() when the first write happens and the pool is empty. A user can reset the pool size manually via ioctl concurrently, and this may lead to UAF or out-of-bound access.
An update that fixes four vulnerabilities is now available. This update for the Linux Kernel 3.12.74-60_64_51 fixes several issues. The following security issues were fixed. An elevation of privilege vulnerability was fixed in the kernel v4l2 video driver.A flaw was found in the Linux kernels implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory. A race condition vulnerability existed in the sound system, which could lead to a deadlock and denial of service condition.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-02-28 CVE Reserved
- 2018-03-28 CVE Published
- 2024-08-05 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
- CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CAPEC
References (22)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/103605 | Third Party Advisory | |
https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0 | Third Party Advisory | |
https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html | Mailing List |
|
https://www.oracle.com/security-alerts/cpujul2020.html | X_refsource_misc |
|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00067.html | 2020-08-24 | |
https://access.redhat.com/errata/RHSA-2018:2384 | 2020-08-24 | |
https://access.redhat.com/errata/RHSA-2018:2390 | 2020-08-24 | |
https://access.redhat.com/errata/RHSA-2018:2395 | 2020-08-24 | |
https://access.redhat.com/errata/RHSA-2018:2948 | 2020-08-24 | |
https://access.redhat.com/errata/RHSA-2019:1483 | 2020-08-24 | |
https://access.redhat.com/errata/RHSA-2019:1487 | 2020-08-24 | |
https://usn.ubuntu.com/3631-1 | 2020-08-24 | |
https://usn.ubuntu.com/3631-2 | 2020-08-24 | |
https://usn.ubuntu.com/3798-1 | 2020-08-24 | |
https://usn.ubuntu.com/3798-2 | 2020-08-24 | |
https://www.debian.org/security/2018/dsa-4187 | 2020-08-24 | |
https://www.debian.org/security/2018/dsa-4188 | 2020-08-24 | |
https://access.redhat.com/security/cve/CVE-2018-7566 | 2019-06-17 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 4.15 Search vendor "Linux" for product "Linux Kernel" and version "4.15" | - |
Affected
| ||||||
Suse Search vendor "Suse" | Linux Enterprise Module For Public Cloud Search vendor "Suse" for product "Linux Enterprise Module For Public Cloud" | 12 Search vendor "Suse" for product "Linux Enterprise Module For Public Cloud" and version "12" | - |
Affected
| ||||||
Suse Search vendor "Suse" | Linux Enterprise Server Search vendor "Suse" for product "Linux Enterprise Server" | 12 Search vendor "Suse" for product "Linux Enterprise Server" and version "12" | ltss |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 12.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "12.04" | esm |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 14.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04" | lts |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 16.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04" | lts |
Affected
| ||||||
Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 7.0 Search vendor "Debian" for product "Debian Linux" and version "7.0" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Desktop Search vendor "Redhat" for product "Enterprise Linux Desktop" | 6.0 Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "6.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Desktop Search vendor "Redhat" for product "Enterprise Linux Desktop" | 7.0 Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "7.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Server Search vendor "Redhat" for product "Enterprise Linux Server" | 6.0 Search vendor "Redhat" for product "Enterprise Linux Server" and version "6.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Server Search vendor "Redhat" for product "Enterprise Linux Server" | 7.0 Search vendor "Redhat" for product "Enterprise Linux Server" and version "7.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus" | 7.6 Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "7.6" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Server Eus Search vendor "Redhat" for product "Enterprise Linux Server Eus" | 7.5 Search vendor "Redhat" for product "Enterprise Linux Server Eus" and version "7.5" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Server Eus Search vendor "Redhat" for product "Enterprise Linux Server Eus" | 7.6 Search vendor "Redhat" for product "Enterprise Linux Server Eus" and version "7.6" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Server Tus Search vendor "Redhat" for product "Enterprise Linux Server Tus" | 7.6 Search vendor "Redhat" for product "Enterprise Linux Server Tus" and version "7.6" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Workstation Search vendor "Redhat" for product "Enterprise Linux Workstation" | 6.0 Search vendor "Redhat" for product "Enterprise Linux Workstation" and version "6.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Workstation Search vendor "Redhat" for product "Enterprise Linux Workstation" | 7.0 Search vendor "Redhat" for product "Enterprise Linux Workstation" and version "7.0" | - |
Affected
| ||||||
Oracle Search vendor "Oracle" | Communications Eagle Application Processor Search vendor "Oracle" for product "Communications Eagle Application Processor" | 16.1.0 Search vendor "Oracle" for product "Communications Eagle Application Processor" and version "16.1.0" | - |
Affected
| ||||||
Oracle Search vendor "Oracle" | Communications Eagle Application Processor Search vendor "Oracle" for product "Communications Eagle Application Processor" | 16.2.0 Search vendor "Oracle" for product "Communications Eagle Application Processor" and version "16.2.0" | - |
Affected
|