exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 11 of 11 RSS Feed

CVE-2017-1000380

Status Candidate

Overview

sound/core/timer.c in the Linux kernel before 4.11.5 is vulnerable to a data race in the ALSA /dev/snd/timer driver resulting in local users being able to read information belonging to other users, i.e., uninitialized memory contents may be disclosed when a read and an ioctl happen at the same time.

Related Files

Red Hat Security Advisory 2017-3315-01
Posted Nov 30, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3315-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated kernel packages include several security issues and numerous bug fixes, some of which you can see below. Space precludes documenting all of these bug fixes in this advisory.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2017-1000380
SHA-256 | 2028823382216b9493c0bf056280c297c2bd677f271814aa58d6cf9f13e8cca5
Red Hat Security Advisory 2017-3295-01
Posted Nov 30, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3295-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix: It was found that the timer functionality in the Linux kernel ALSA subsystem is prone to a race condition between read and ioctl system call handlers, resulting in an uninitialized memory disclosure to user space. A local user could use this flaw to read information belonging to other users.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2017-1000380
SHA-256 | ec748d31f8d2398f3d79e56a226080b8b5e1a61e3e3e6554dbaa7f83a39f6847
Red Hat Security Advisory 2017-3322-01
Posted Nov 30, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3322-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix: It was found that the timer functionality in the Linux kernel ALSA subsystem is prone to a race condition between read and ioctl system call handlers, resulting in an uninitialized memory disclosure to user space. A local user could use this flaw to read information belonging to other users.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2017-1000380
SHA-256 | 4973d71923df5aa9887f8d97bd478129ae45c8f7a2c0eb31d083e45262e11f9d
Ubuntu Security Notice USN-3371-1
Posted Jul 28, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3371-1 - It was discovered that the Linux kernel did not properly initialize a Wake- on-Lan data structure. A local attacker could use this to expose sensitive information. Alexander Potapenko discovered a race condition in the Advanced Linux Sound Architecture subsystem in the Linux kernel. A local attacker could use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-9900, CVE-2017-1000380, CVE-2017-7346, CVE-2017-9605
SHA-256 | 29aac26db4fa25a26803428ac90ea403b7c6c8b689bbdd5436506a09c62947af
Ubuntu Security Notice USN-3364-3
Posted Jul 26, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3364-3 - It was discovered that the Linux kernel did not properly initialize a Wake- on-Lan data structure. A local attacker could use this to expose sensitive information. It was discovered that the Linux kernel did not properly restrict access to /proc/iomem. A local attacker could use this to expose sensitive information. Alexander Potapenko discovered a race condition in the Advanced Linux Sound Architecture subsystem in the Linux kernel. A local attacker could use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-9900, CVE-2015-8944, CVE-2017-1000380, CVE-2017-7346, CVE-2017-9150, CVE-2017-9605
SHA-256 | 52da26b53d8c3033579bdd0681b859c86afd51f1537e50195093a868a02ecc95
Ubuntu Security Notice USN-3364-2
Posted Jul 24, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3364-2 - USN-3364-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that the Linux kernel did not properly initialize a Wake- on-Lan data structure. A local attacker could use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2014-9900, CVE-2015-8944, CVE-2017-1000380, CVE-2017-7346, CVE-2017-9150, CVE-2017-9605
SHA-256 | 7ab39edea8d33fac19ee690f5410d949caf2f5e5bf4c3d8797fa3459ba097f19
Ubuntu Security Notice USN-3364-1
Posted Jul 24, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3364-1 - It was discovered that the Linux kernel did not properly initialize a Wake- on-Lan data structure. A local attacker could use this to expose sensitive information. It was discovered that the Linux kernel did not properly restrict access to /proc/iomem. A local attacker could use this to expose sensitive information. Alexander Potapenko discovered a race condition in the Advanced Linux Sound Architecture subsystem in the Linux kernel. A local attacker could use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-9900, CVE-2015-8944, CVE-2017-1000380, CVE-2017-7346, CVE-2017-9150, CVE-2017-9605
SHA-256 | 8d4d1e11cb0c3c986ec4d3a563f90d8fb81893599073f102feea772fe215fc10
Ubuntu Security Notice USN-3360-1
Posted Jul 21, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3360-1 - It was discovered that the Linux kernel did not properly initialize a Wake- on-Lan data structure. A local attacker could use this to expose sensitive information. It was discovered that the Linux kernel did not properly restrict access to /proc/iomem. A local attacker could use this to expose sensitive information. It was discovered that a use-after-free vulnerability existed in the performance events and counters subsystem of the Linux kernel for ARM64. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-9900, CVE-2015-8944, CVE-2015-8955, CVE-2015-8962, CVE-2015-8963, CVE-2015-8964, CVE-2015-8966, CVE-2015-8967, CVE-2016-10088, CVE-2017-1000380, CVE-2017-7346, CVE-2017-7895, CVE-2017-8924, CVE-2017-8925, CVE-2017-9605
SHA-256 | b728a817657de92c7a8e7a3974a7db179927290da525b28390f7ffee93bfc9c8
Ubuntu Security Notice USN-3360-2
Posted Jul 21, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3360-2 - USN-3360-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. It was discovered that the Linux kernel did not properly initialize a Wake- on-Lan data structure. A local attacker could use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2014-9900, CVE-2015-8944, CVE-2015-8955, CVE-2015-8962, CVE-2015-8963, CVE-2015-8964, CVE-2015-8966, CVE-2015-8967, CVE-2016-10088, CVE-2017-1000380, CVE-2017-7346, CVE-2017-7895, CVE-2017-8924, CVE-2017-8925, CVE-2017-9074, CVE-2017-9605
SHA-256 | dd0fe2c526143d34a107f7f383bf5197ebc0f403d7b65cfed4142a62d732f7a3
Ubuntu Security Notice USN-3359-1
Posted Jul 20, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3359-1 - It was discovered that the Linux kernel did not properly initialize a Wake- on-Lan data structure. A local attacker could use this to expose sensitive information. Dmitry Vyukov, Andrey Konovalov, Florian Westphal, and Eric Dumazet discovered that the netfiler subsystem in the Linux kernel mishandled IPv6 packet reassembly. A local user could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-9900, CVE-2016-9755, CVE-2017-1000380, CVE-2017-5551, CVE-2017-5576, CVE-2017-7346, CVE-2017-7895, CVE-2017-8924, CVE-2017-8925, CVE-2017-9150, CVE-2017-9605
SHA-256 | 4c2386596faece3a8190c5928d9c879c09f797743015282506baa7e3339d72ec
Ubuntu Security Notice USN-3358-1
Posted Jul 20, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3358-1 - It was discovered that the Linux kernel did not properly initialize a Wake- on-Lan data structure. A local attacker could use this to expose sensitive information. Alexander Potapenko discovered a race condition in the Advanced Linux Sound Architecture subsystem in the Linux kernel. A local attacker could use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-9900, CVE-2017-1000380, CVE-2017-7346, CVE-2017-9605
SHA-256 | d2cf22e826ff1c4d35650ee61a489bed7dde9575afc78303e036d460dfe637d3
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close