CVE-2017-15265: Linux Kernel ALSA Sequencer Interface Use-After-Free Memory Vulnerability
by CIRT Team
Description: Race condition in the ALSA subsystem in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted /dev/snd/seq ioctl calls, related to sound/core/seq/seq_clientmgr.c and sound/core/seq/seq_ports.c.
Impact: An attacker can exploit this issue to cause a local denial-of-service condition; other attacks may also be possible.
Mitigation: Administrators may disable administrative privileges on the Windows machines that have Cisco AMP for Endpoints installed. For information about fixed software releases, consult the vendor.
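Added example (not part of the original advisory): a POSIX shell triage check built on the affected range in the Description, that is, kernels before 4.13.8 and the /dev/snd/seq device. The function names and result labels are assumptions of this example. A release below 4.13.8 only means the vendor tracker must be consulted, since stable and distribution kernels can carry the fix as a backport.

```sh
#!/bin/sh
# Added example: exposure triage for CVE-2017-15265 (not vendor code).
# From the advisory: upstream kernels before 4.13.8 are affected, and the
# bug is reached through ioctl calls on /dev/snd/seq.
FIXED_UPSTREAM="4.13.8"
SEQ_DEVICE="/dev/snd/seq"

# Reduce a release string ("4.4.0-97-generic", "4.14") to "major minor patch".
split_version() {
    v=${1%%[!0-9.]*}            # cut at the first char that is not a digit or dot
    old_ifs=$IFS; IFS=.
    set -- $v                   # split on dots into $1 $2 $3
    IFS=$old_ifs
    echo "${1:-0} ${2:-0} ${3:-0}"
}

# version_lt A B: succeeds when release A is numerically lower than B.
version_lt() {
    set -- $(split_version "$1") $(split_version "$2")
    if [ "$1" -lt "$4" ]; then return 0; fi
    if [ "$1" -gt "$4" ]; then return 1; fi
    if [ "$2" -lt "$5" ]; then return 0; fi
    if [ "$2" -gt "$5" ]; then return 1; fi
    if [ "$3" -lt "$6" ]; then return 0; fi
    return 1
}

# assess <kernel-release> <device-path>: print a triage label (labels are
# this example's own). Assumption: a release at or above 4.13.8 carries the
# fix; pre-release (-rc) builds are not distinguished.
assess() {
    if ! version_lt "$1" "$FIXED_UPSTREAM"; then
        echo "at-or-after-upstream-fix"
    elif [ -e "$2" ]; then
        echo "check-vendor-seq-device-present"
    else
        echo "check-vendor-no-seq-device"
    fi
}

# Report for the running host.
echo "kernel $(uname -r): $(assess "$(uname -r)" "$SEQ_DEVICE")"
```

For a "check-vendor" result, compare the installed package version against the Debian and Red Hat tracker entries listed in the references.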
Reference URLs:
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15265
- http://www.securityfocus.com/bid/101288/info
- https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.8
- http://www.openwall.com/lists/oss-security/2017/10/11/3
- https://security-tracker.debian.org/tracker/CVE-2017-15265
- https://access.redhat.com/security/cve/cve-2017-15265