Ubuntu
linux package

CVE-2017-16528

Bug #2102273 reported by Bug Importer
256
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Linux
Fix Released
Low
Unassigned
linux (Ubuntu)
Status tracked in Plucky
Trusty
Invalid
Low
Unassigned
Xenial
Fix Released
Low
Unassigned
Zesty
Won't Fix
Low
Unassigned
Artful
Invalid
Low
Unassigned
Bionic
Invalid
Low
Unassigned
Cosmic
Invalid
Low
Unassigned
Focal
Invalid
Low
Unassigned
Plucky
Invalid
Low
Unassigned

Bug Description

sound/core/seq_device.c in the Linux kernel before 4.13.4 allows local
users to cause a denial of service (snd_rawmidi_dev_seq_free use-after-free
and system crash) or possibly have unspecified other impact via a crafted
USB device.

References:
https://github.com/torvalds/linux/commit/fc27fe7e8deef2f37cba3f2be2d52b6ca5eb9d57
https://groups.google.com/d/msg/syzkaller/kuZzDHGkQu8/5du20rZEAAAJ
https://ubuntu.com/security/notices/USN-3619-1
https://ubuntu.com/security/notices/USN-3619-2
https://www.cve.org/CVERecord?id=CVE-2017-16528

CVE References

To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.