CVE-2017-15265

Impact: Moderate
Public Date: 2017-10-11
CWE: CWE-416
Bugzilla: 1501878: CVE-2017-15265 kernel: Use-after-free in snd_seq_ioctl_create_port()

A use-after-free vulnerability was found in the handling of an ioctl issued to a sound device. A user could exploit the race condition to cause memory corruption or possibly escalate privileges.

Find out more about CVE-2017-15265 from the MITRE CVE dictionary and NIST NVD.

Statement

This issue affects the Linux kernel packages as shipped with Red Hat
Enterprise Linux 5, 6, 7, realtime and MRG-2.

Red Hat Enterprise Linux 5 has transitioned to Production phase 3.
During the Production 3 Phase, Critical impact Security Advisories (RHSAs)
and selected Urgent Priority Bug Fix Advisories (RHBAs) may be released
as they become available.

The official life cycle policy can be reviewed here:

http://redhat.com/rhel/lifecycle

Future Linux kernel updates for the respective releases may address this issue.

CVSS v3 metrics

CVSS3 Base Score: 5.5
CVSS3 Base Metrics: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity Impact: None
Availability Impact: High

Red Hat Security Errata

Platform | Errata | Release Date
Red Hat Enterprise Linux 7 (kernel) | RHSA-2018:1062 | 2018-04-10
Red Hat Enterprise Linux Long Life (v. 5.9 server) (kernel) | RHSA-2018:3823 | 2018-12-13
Red Hat Enterprise Linux 6 (kernel) | RHSA-2018:2390 | 2018-08-14
Red Hat Enterprise Linux Server (v. 5 ELS) (kernel) | RHSA-2018:3822 | 2018-12-13
Red Hat Enterprise Linux for Real Time for NFV (v. 7) (kernel-rt) | RHSA-2018:0676 | 2018-04-10
Red Hat MRG Grid for RHEL 6 Server v.2 (kernel-rt) | RHSA-2018:1170 | 2018-04-17
Red Hat Enterprise Linux Extended Update Support 7.4 (kernel) | RHSA-2018:1130 | 2018-04-17

Affected Packages State

Platform | Package | State
Red Hat Enterprise Linux 7 | kernel-alt | Will not fix

Unless explicitly stated as not affected, all previous versions of packages in any minor update stream of a product listed here should be assumed vulnerable, although they may not have been subject to full analysis.

Mitigation

It is possible to prevent the affected code from being loaded by blacklisting the kernel module snd_seq. Instructions for blacklisting a kernel module are available here: https://access.redhat.com/solutions/41278

Alternatively, a custom permission set can be created by udev; the correct permissions will depend on your use case. Please contact Red Hat customer support for creating a rule set that can minimize flaw exposure.
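
A check for the snd_seq blacklisting mitigation described above, added here as an example (it is not Red Hat's tooling or text). It goes slightly beyond the page: a `blacklist` line only stops alias-based autoloading, so the script also looks for a modprobe.d `install snd_seq /bin/false` override; the function names and status labels are this example's own.

```shell
#!/bin/sh
# Added example (not Red Hat's tooling): report whether the snd_seq
# mitigation is actually in effect. All paths are arguments so the check
# can be pointed at a constructed tree as well as the live system.

# conf_has KIND FILE: true if FILE holds an active "KIND snd_seq" line.
# modprobe treats '-' and '_' in module names as the same character.
# For "install", only an override with /bin/false or /bin/true counts.
conf_has() {
    awk -v kind="$1" '
        { sub(/#.*/, "") }                      # drop comments
        $1 == kind {
            gsub(/-/, "_", $2)
            if ($2 != "snd_seq") next
            if (kind == "blacklist") ok = 1
            else if ($3 ~ "^/(usr/)?bin/(false|true)$") ok = 1
        }
        END { exit !ok }' "$2"
}

# snd_seq_status MODULES_FILE CONF_DIR...
# Prints one of: loaded | blocked | blacklist-only | unmitigated
snd_seq_status() {
    modules_file=$1; shift
    blacklisted=no; blocked=no
    for dir in "$@"; do
        for f in "$dir"/*.conf; do
            [ -f "$f" ] || continue
            if conf_has blacklist "$f"; then blacklisted=yes; fi
            if conf_has install "$f"; then blocked=yes; fi
        done
    done
    # /proc/modules format: the module name is the first field of each line.
    if awk '$1 == "snd_seq" { f = 1 } END { exit !f }' "$modules_file"; then
        echo loaded            # affected code is resident right now
    elif [ "$blocked" = yes ]; then
        echo blocked           # modprobe runs the override instead of loading it
    elif [ "$blacklisted" = yes ]; then
        echo blacklist-only    # autoload stopped; dependency/explicit load still works
    else
        echo unmitigated
    fi
}

# Live use: sh check.sh /proc/modules /etc/modprobe.d /run/modprobe.d /usr/lib/modprobe.d
if [ "$#" -gt 0 ]; then snd_seq_status "$@"; fi
```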
