Business

News

 
More...

Alerts

 
More...

Events

 
More...
 
     
 

Local Code Execution Vulnerability in Linux Kernel

 

Systems Affected


Linux Kernel prior to 3.15.2

Threat Level


Medium


Overview


Vulnerability has been reported in Linux Kernel which could be exploited by a local attacker to execute arbitrary code on the system.


Description


The vulnerability exists due to use-after-free error in the "sound/core/control.c" in the ALSA (Advanced Linux Sound Architecture) control implementation. A local attacker could exploit this vulnerability to execute arbitrary code on the system.

Successful exploitation of this vulnerability could allow an attacker to cause Denial of service(DoS) or obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX access.


Impact



Solution/ Workarounds


Apply appropriate patch as mentioned in the following link
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/sound/core/control.c?id=fd9f26e4eca5d08a27d12c0933fceef76ed9663d


References


http://www.cert-in.org.in/


Disclaimer


The information provided herein is on "as is" basis, without warranty of any kind.


 
     

© Copyright Sri Lanka CERT|CC. All Rights Reserved.