Bug 1046599 – VUL-1: CVE-2017-9984: kernel: DoS in snd_msnd_interrupt function in sound/isa/msnd/msnd_pinnacle.c

Bug 1046599 - (CVE-2017-9984) VUL-1: CVE-2017-9984: kernel: DoS in snd_msnd_interrupt function in sound/isa/msnd/msnd_pinnacle.c

(CVE-2017-9984)
Summary:	VUL-1: CVE-2017-9984: kernel: DoS in snd_msnd_interrupt function in sound/isa...

Status:	RESOLVED WONTFIX

Classification:	Novell Products
Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents
Version:	unspecified
Hardware:	Other Other

Priority:	P4 - Low Severity: Normal
Target Milestone:	---
Assigned To:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/187396/
Whiteboard:	CVSSv3:NVD:CVE-2017-9984:7.8:(AV:L/AC...
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2017-06-29 08:59 UTC by Alexander Bergmann
Modified:	2019-05-29 07:48 UTC (History)
CC List:	4 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Alexander Bergmann 2017-06-29 08:59:01 UTC

CVE-2017-9984

The snd_msnd_interrupt function in sound/isa/msnd/msnd_pinnacle.c in the Linux
kernel through 4.11.7 allows local users to cause a denial of service
(over-boundary access) or possibly have unspecified other impact by changing the
value of a message queue head pointer between two kernel reads of that value,
aka a "double fetch" vulnerability.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-9984
http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9984.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9984
https://bugzilla.kernel.org/show_bug.cgi?id=196131

Comment 1 Takashi Iwai 2017-06-29 09:23:51 UTC

Sigh, again yet another security report where the upstream maintainer was never informed...

Comment 2 Takashi Iwai 2017-06-29 09:24:52 UTC

It's about legacy ISA driver, so only SLE11 or older are affected.

Comment 3 Takashi Iwai 2017-06-29 09:26:18 UTC

... and it's no supported module, so SLE11 Server isn't affected.

Comment 4 Takashi Iwai 2017-06-30 09:38:36 UTC

IMO, this is no real security issue.  The DoS is possibly only with a flawed hardware that gives a wrong io-port read.  And if you assume that level of hardware trickery, everything can be done.

And, needless to say that the issue is specific to the ISA sound card, and practically seen it hits no one.

Comment 5 Takashi Iwai 2017-07-06 09:45:14 UTC

So I push back this as WONTFIX as a non-security issue.

I'm going to address it in the upstream, but it's not worth for backporting.

Comment 6 Marcus Meissner 2017-07-13 11:27:01 UTC

oki