CVE-2017-15265: Linux Kernel ALSA Sequencer Interface Use-After-Free Memory Vulnerability
by CIRT Team
Description: Race condition in the ALSA subsystem in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted /dev/snd/seq ioctl calls, related to sound/core/seq/seq_clientmgr.c and sound/core/seq/seq_ports.c.
Impact: An attacker can exploit this issue to cause a local denial-of-service condition; other attacks may also be possible.
Mitigation: Administrators may disable administrative privileges on the Windows machines that have Cisco AMP for Endpoints installed. For information about fixed software releases, consult with vendor.
Reference URL’s:
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15265
- http://www.securityfocus.com/bid/101288/info
- https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.8
- http://www.openwall.com/lists/oss-security/2017/10/11/3
- https://security-tracker.debian.org/tracker/CVE-2017-15265
- https://access.redhat.com/security/cve/cve-2017-15265
Recommended Posts
Cyber Threat Alert: Surge in Attacks via Compromised Third-Party Service Providers
08 Feb 2024 - Articles, English articles, Security Advisories & Alerts
Subscribe here
MEMBER OF:
