Bug 1046599 - (CVE-2017-9984) VUL-1: CVE-2017-9984: kernel: DoS in snd_msnd_interrupt function in sound/isa/msnd/msnd_pinnacle.c
(CVE-2017-9984)
VUL-1: CVE-2017-9984: kernel: DoS in snd_msnd_interrupt function in sound/isa...
Status: RESOLVED WONTFIX
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P4 - Low : Normal
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/187396/
CVSSv3:NVD:CVE-2017-9984:7.8:(AV:L/AC...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2017-06-29 08:59 UTC by Alexander Bergmann
Modified: 2019-05-29 07:48 UTC (History)
4 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Alexander Bergmann 2017-06-29 08:59:01 UTC
CVE-2017-9984

The snd_msnd_interrupt function in sound/isa/msnd/msnd_pinnacle.c in the Linux
kernel through 4.11.7 allows local users to cause a denial of service
(over-boundary access) or possibly have unspecified other impact by changing the
value of a message queue head pointer between two kernel reads of that value,
aka a "double fetch" vulnerability.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-9984
http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9984.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9984
https://bugzilla.kernel.org/show_bug.cgi?id=196131
Comment 1 Takashi Iwai 2017-06-29 09:23:51 UTC
Sigh, again yet another security report where the upstream maintainer was never informed...
Comment 2 Takashi Iwai 2017-06-29 09:24:52 UTC
It's about legacy ISA driver, so only SLE11 or older are affected.
Comment 3 Takashi Iwai 2017-06-29 09:26:18 UTC
... and it's no supported module, so SLE11 Server isn't affected.
Comment 4 Takashi Iwai 2017-06-30 09:38:36 UTC
IMO, this is no real security issue.  The DoS is possibly only with a flawed hardware that gives a wrong io-port read.  And if you assume that level of hardware trickery, everything can be done.

And, needless to say that the issue is specific to the ISA sound card, and practically seen it hits no one.
Comment 5 Takashi Iwai 2017-07-06 09:45:14 UTC
So I push back this as WONTFIX as a non-security issue.

I'm going to address it in the upstream, but it's not worth for backporting.
Comment 6 Marcus Meissner 2017-07-13 11:27:01 UTC
oki