Bugzilla – Bug 1062520
VUL-1: CVE-2017-15265: kernel: Use-after-free in /dev/snd/seq
Last modified: 2023-04-26 13:32:16 UTC
Created attachment 743705: Reproduction steps
Requested a CVE for this (CVE Request 402305).
Please use CVE-2017-15265 for this issue
Thanks. The fix patch was submitted and merged to sound git tree for inclusion to 4.14-rc5. So now it's public.
To: alsa-devel@alsa-project.org
Subject: [alsa-devel] [PATCH] ALSA: seq: Fix use-after-free at creating a port
From: Takashi Iwai <tiwai@suse.de>
Date: Wed, 11 Oct 2017 10:00:19 +0200
Message-Id: <20171011080019.16212-1-tiwai@suse.de>
I'm going to work on backporting the fix to SUSE kernels.
Made public by Takashi: http://mailman.alsa-project.org/pipermail/alsa-devel/2017-October/126292.html
Backported to all branches. Reassigned back to security team.
Hi, I really need the CVE website (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15265) to say this bug is found by ADLab of venustech.
The CVE website usually does not give direct credit in its entries. I mailed oss-sec again with this credit.
openSUSE-SU-2017:2846-1: An update that solves three vulnerabilities and has 60 fixes is now available. Category: security (important) Bug References: 1004527,1012382,1015342,1015343,1019675,1019680,1019695,1019699,1020412,1020989,1022595,1022604,1022912,1024346,1024373,1025461,1032150,1034075,1037579,1037890,1050471,1052360,1055567,1056230,1056427,1056587,1056596,1058135,1059863,1060249,1060400,1060985,1061451,1061721,1061775,1062279,1062520,1062962,1063102,1063349,1063460,1063475,1063501,1063509,1063520,1063570,1063667,1063695,1064064,1064206,1064388,1064436,963575,964944,966170,966172,966186,966191,966316,966318,969476,969477,971975 CVE References: CVE-2017-13080,CVE-2017-15265,CVE-2017-15649 Sources used: openSUSE Leap 42.3 (src): kernel-debug-4.4.92-31.1, kernel-default-4.4.92-31.1, kernel-docs-4.4.92-31.2, kernel-obs-build-4.4.92-31.1, kernel-obs-qa-4.4.92-31.1, kernel-source-4.4.92-31.1, kernel-syms-4.4.92-31.1, kernel-vanilla-4.4.92-31.1
SUSE-SU-2017:2847-1: An update that solves 11 vulnerabilities and has 170 fixes is now available. Category: security (important) Bug References: 1004527,1005776,1005778,1005780,1005781,1012382,1012829,1015342,1015343,1019675,1019680,1019695,1019699,1020412,1020645,1020657,1020989,1021424,1022595,1022604,1022743,1022912,1022967,1024346,1024373,1024405,1025461,1030850,1031717,1031784,1032150,1034048,1034075,1035479,1036060,1036215,1036737,1037579,1037838,1037890,1038583,1040813,1042847,1043598,1044503,1046529,1047238,1047487,1047989,1048155,1048228,1048325,1048327,1048356,1048501,1048893,1048912,1048934,1049226,1049272,1049291,1049336,1049361,1049580,1050471,1050742,1051790,1051987,1052093,1052094,1052095,1052360,1052384,1052580,1052593,1052888,1053043,1053309,1053472,1053627,1053629,1053633,1053681,1053685,1053802,1053915,1053919,1054082,1054084,1054654,1055013,1055096,1055272,1055290,1055359,1055493,1055567,1055709,1055755,1055896,1055935,1055963,1056061,1056185,1056230,1056261,1056427,1056587,1056588,1056596,1056686,1056827,1056849,1056982,1057015,1057031,1057035,1057038,1057047,1057067,1057383,1057498,1057849,1058038,1058116,1058135,1058410,1058507,1058512,1058550,1059051,1059465,1059500,1059863,1060197,1060229,1060249,1060400,1060985,1061017,1061046,1061064,1061067,1061172,1061451,1061721,1061775,1061831,1061872,1062279,1062520,1062962,1063102,1063349,1063460,1063475,1063479,1063501,1063509,1063520,1063570,1063667,1063671,1063695,1064064,1064206,1064388,1064436,963575,964944,966170,966172,966186,966191,966316,966318,969476,969477,969756,971975,981309 CVE References: CVE-2017-1000252,CVE-2017-11472,CVE-2017-12134,CVE-2017-12153,CVE-2017-12154,CVE-2017-13080,CVE-2017-14051,CVE-2017-14106,CVE-2017-14489,CVE-2017-15265,CVE-2017-15649 Sources used: SUSE Linux Enterprise Workstation Extension 12-SP3 (src): kernel-default-4.4.92-6.18.1 SUSE Linux Enterprise Software Development Kit 12-SP3 (src): kernel-docs-4.4.92-6.18.3, kernel-obs-build-4.4.92-6.18.1 SUSE Linux 
Enterprise Server 12-SP3 (src): kernel-default-4.4.92-6.18.1, kernel-source-4.4.92-6.18.1, kernel-syms-4.4.92-6.18.1 SUSE Linux Enterprise Live Patching 12-SP3 (src): kgraft-patch-SLE12-SP3_Update_4-1-4.3 SUSE Linux Enterprise High Availability 12-SP3 (src): kernel-default-4.4.92-6.18.1 SUSE Linux Enterprise Desktop 12-SP3 (src): kernel-default-4.4.92-6.18.1, kernel-source-4.4.92-6.18.1, kernel-syms-4.4.92-6.18.1
openSUSE-SU-2017:2905-1: An update that solves three vulnerabilities and has 32 fixes is now available. Category: security (important) Bug References: 1012382,1020645,1022595,1022600,1025461,1028971,1034048,1055567,1056427,1059863,1060985,1061451,1062520,1062962,1063460,1063475,1063501,1063509,1063520,1063667,1063695,1064206,1064388,964944,966170,966172,966186,966191,966316,966318,969474,969475,969476,969477,971975 CVE References: CVE-2017-13080,CVE-2017-15265,CVE-2017-15649 Sources used: openSUSE Leap 42.2 (src): kernel-debug-4.4.92-18.36.1, kernel-default-4.4.92-18.36.1, kernel-docs-4.4.92-18.36.2, kernel-obs-build-4.4.92-18.36.1, kernel-obs-qa-4.4.92-18.36.1, kernel-source-4.4.92-18.36.1, kernel-syms-4.4.92-18.36.1, kernel-vanilla-4.4.92-18.36.1
SUSE-SU-2017:2908-1: An update that solves 30 vulnerabilities and has 38 fixes is now available. Category: security (important) Bug References: 1001459,1012985,1023287,1027149,1028217,1030531,1030552,1031515,1033960,1034405,1035531,1035738,1037182,1037183,1037994,1038544,1038564,1038879,1038883,1038981,1038982,1039348,1039354,1039456,1039721,1039864,1039882,1039883,1039885,1040069,1041160,1041429,1041431,1042696,1042832,1042863,1044125,1045327,1045487,1045922,1046107,1048275,1048788,1049645,1049882,1053148,1053152,1053317,1056588,1056982,1057179,1058410,1058507,1058524,1059863,1062471,1062520,1063667,1064388,856774,860250,863764,878240,922855,922871,986924,993099,994364 CVE References: CVE-2017-1000363,CVE-2017-1000365,CVE-2017-1000380,CVE-2017-10661,CVE-2017-11176,CVE-2017-12153,CVE-2017-12154,CVE-2017-12762,CVE-2017-13080,CVE-2017-14051,CVE-2017-14106,CVE-2017-14140,CVE-2017-15265,CVE-2017-15274,CVE-2017-15649,CVE-2017-7482,CVE-2017-7487,CVE-2017-7518,CVE-2017-7541,CVE-2017-7542,CVE-2017-7889,CVE-2017-8831,CVE-2017-8890,CVE-2017-8924,CVE-2017-8925,CVE-2017-9074,CVE-2017-9075,CVE-2017-9076,CVE-2017-9077,CVE-2017-9242 Sources used: SUSE OpenStack Cloud 6 (src): kernel-default-3.12.74-60.64.63.1, kernel-source-3.12.74-60.64.63.1, kernel-syms-3.12.74-60.64.63.1, kernel-xen-3.12.74-60.64.63.1, kgraft-patch-SLE12-SP1_Update_22-1-2.1 SUSE Linux Enterprise Server for SAP 12-SP1 (src): kernel-default-3.12.74-60.64.63.1, kernel-source-3.12.74-60.64.63.1, kernel-syms-3.12.74-60.64.63.1, kernel-xen-3.12.74-60.64.63.1, kgraft-patch-SLE12-SP1_Update_22-1-2.1 SUSE Linux Enterprise Server 12-SP1-LTSS (src): kernel-default-3.12.74-60.64.63.1, kernel-source-3.12.74-60.64.63.1, kernel-syms-3.12.74-60.64.63.1, kernel-xen-3.12.74-60.64.63.1, kgraft-patch-SLE12-SP1_Update_22-1-2.1 SUSE Linux Enterprise Module for Public Cloud 12 (src): kernel-ec2-3.12.74-60.64.63.1
SUSE-SU-2017:2920-1: An update that solves 36 vulnerabilities and has 22 fixes is now available. Category: security (important) Bug References: 1008353,1012422,1017941,1029850,1030593,1032268,1034405,1034670,1035576,1035877,1036752,1037182,1037183,1037306,1037994,1038544,1038879,1038981,1038982,1039348,1039349,1039354,1039456,1039721,1039882,1039883,1039885,1040069,1041431,1041958,1044125,1045327,1045487,1045922,1046107,1047408,1048275,1049645,1049882,1052593,1053148,1053152,1056588,1056982,1057179,1058038,1058410,1058507,1058524,1062520,1063667,1064388,938162,975596,977417,984779,985562,990682 CVE References: CVE-2015-9004,CVE-2016-10229,CVE-2016-9604,CVE-2017-1000363,CVE-2017-1000365,CVE-2017-1000380,CVE-2017-10661,CVE-2017-11176,CVE-2017-12153,CVE-2017-12154,CVE-2017-12762,CVE-2017-13080,CVE-2017-14051,CVE-2017-14106,CVE-2017-14140,CVE-2017-15265,CVE-2017-15274,CVE-2017-15649,CVE-2017-2647,CVE-2017-6951,CVE-2017-7482,CVE-2017-7487,CVE-2017-7518,CVE-2017-7541,CVE-2017-7542,CVE-2017-7889,CVE-2017-8106,CVE-2017-8831,CVE-2017-8890,CVE-2017-8924,CVE-2017-8925,CVE-2017-9074,CVE-2017-9075,CVE-2017-9076,CVE-2017-9077,CVE-2017-9242 Sources used: SUSE Linux Enterprise Server 12-LTSS (src): kernel-default-3.12.61-52.101.1, kernel-source-3.12.61-52.101.1, kernel-syms-3.12.61-52.101.1, kernel-xen-3.12.61-52.101.1, kgraft-patch-SLE12_Update_28-1-8.1 SUSE Linux Enterprise Module for Public Cloud 12 (src): kernel-ec2-3.12.61-52.101.1
An update workflow for this issue was started. This issue was rated as important. Please submit fixed packages until 2017-11-21. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/63894
SUSE-SU-2017:3165-1: An update that solves 5 vulnerabilities and has 17 fixes is now available. Category: security (important) Bug References: 1022967,1036286,1044228,1045327,1052593,1053317,1056230,1056504,1057796,1059051,1059525,1060245,1060665,1061017,1061180,1062520,1062842,1063301,1063544,1063667,909484,996376 CVE References: CVE-2017-1000253,CVE-2017-13080,CVE-2017-14489,CVE-2017-15265,CVE-2017-15274 Sources used: SUSE Linux Enterprise Real Time Extension 11-SP4 (src): kernel-rt-3.0.101.rt130-69.11.1, kernel-rt_trace-3.0.101.rt130-69.11.1, kernel-source-rt-3.0.101.rt130-69.11.1, kernel-syms-rt-3.0.101.rt130-69.11.1 SUSE Linux Enterprise Debuginfo 11-SP4 (src): kernel-rt-3.0.101.rt130-69.11.1, kernel-rt_debug-3.0.101.rt130-69.11.1, kernel-rt_trace-3.0.101.rt130-69.11.1
SUSE-SU-2017:3265-1: An update that solves 20 vulnerabilities and has 53 fixes is now available. Category: security (important) Bug References: 1012917,1013018,1022967,1024450,1031358,1036286,1036629,1037441,1037667,1037669,1037994,1039803,1040609,1042863,1045154,1045205,1045327,1045538,1047523,1050381,1050431,1051133,1051932,1052311,1052365,1052370,1052593,1053148,1053152,1053317,1053802,1053933,1054070,1054076,1054093,1054247,1054305,1054706,1056230,1056504,1056588,1057179,1057796,1058524,1059051,1060245,1060665,1061017,1061180,1062520,1062842,1063301,1063544,1063667,1064803,1064861,1065180,1066471,1066472,1066573,1066606,1066618,1066625,1066650,1066671,1066700,1066705,1067085,1067816,1067888,909484,984530,996376 CVE References: CVE-2017-1000112,CVE-2017-10661,CVE-2017-12762,CVE-2017-13080,CVE-2017-14051,CVE-2017-14140,CVE-2017-14340,CVE-2017-14489,CVE-2017-15102,CVE-2017-15265,CVE-2017-15274,CVE-2017-16525,CVE-2017-16527,CVE-2017-16529,CVE-2017-16531,CVE-2017-16535,CVE-2017-16536,CVE-2017-16537,CVE-2017-16649,CVE-2017-8831 Sources used: SUSE Linux Enterprise Software Development Kit 11-SP4 (src): kernel-docs-3.0.101-108.18.3 SUSE Linux Enterprise Server 11-SP4 (src): kernel-bigmem-3.0.101-108.18.1, kernel-default-3.0.101-108.18.1, kernel-ec2-3.0.101-108.18.1, kernel-pae-3.0.101-108.18.1, kernel-ppc64-3.0.101-108.18.1, kernel-source-3.0.101-108.18.1, kernel-syms-3.0.101-108.18.1, kernel-trace-3.0.101-108.18.1, kernel-xen-3.0.101-108.18.1 SUSE Linux Enterprise Server 11-EXTRA (src): kernel-default-3.0.101-108.18.1, kernel-pae-3.0.101-108.18.1, kernel-ppc64-3.0.101-108.18.1, kernel-trace-3.0.101-108.18.1, kernel-xen-3.0.101-108.18.1 SUSE Linux Enterprise Debuginfo 11-SP4 (src): kernel-bigmem-3.0.101-108.18.1, kernel-default-3.0.101-108.18.1, kernel-ec2-3.0.101-108.18.1, kernel-pae-3.0.101-108.18.1, kernel-ppc64-3.0.101-108.18.1, kernel-trace-3.0.101-108.18.1, kernel-xen-3.0.101-108.18.1
SUSE-SU-2017:3267-1: An update that solves 5 vulnerabilities and has 56 fixes is now available. Category: security (important) Bug References: 1012382,1017461,1020645,1022595,1022600,1022914,1022967,1025461,1028971,1030061,1034048,1037890,1052593,1053919,1055493,1055567,1055755,1055896,1056427,1058135,1058410,1058624,1059051,1059465,1059863,1060197,1060985,1061017,1061046,1061064,1061067,1061172,1061451,1061831,1061872,1062520,1062962,1063460,1063475,1063501,1063509,1063520,1063667,1063695,1064206,1064388,1064701,964944,966170,966172,966186,966191,966316,966318,969474,969475,969476,969477,971975,974590,996376 CVE References: CVE-2017-12153,CVE-2017-13080,CVE-2017-14489,CVE-2017-15265,CVE-2017-15649 Sources used: SUSE Linux Enterprise Real Time Extension 12-SP2 (src): kernel-rt-4.4.95-21.1, kernel-rt_debug-4.4.95-21.1, kernel-source-rt-4.4.95-21.1, kernel-syms-rt-4.4.95-21.1
SUSE-SU-2017:3410-1: An update that solves 16 vulnerabilities and has 92 fixes is now available. Category: security (important) Bug References: 1010201,1012382,1012829,1017461,1020645,1021424,1022595,1022600,1022914,1024412,1025461,1027301,1028971,1030061,1031717,1034048,1037890,1046107,1050060,1050231,1053919,1055567,1056003,1056365,1056427,1056979,1057199,1058135,1059863,1060333,1060682,1060985,1061451,1061756,1062520,1062941,1062962,1063026,1063460,1063475,1063501,1063509,1063516,1063520,1063695,1064206,1064701,1064926,1065180,1065600,1065639,1065692,1065717,1065866,1066045,1066192,1066213,1066223,1066285,1066382,1066470,1066471,1066472,1066573,1066606,1066629,1067105,1067132,1067494,1067888,1068671,1068978,1068980,1068982,1069270,1069793,1069942,1069996,1070006,1070145,1070535,1070767,1070771,1070805,1070825,1070964,1071231,1071693,1071694,1071695,1071833,963575,964944,966170,966172,966186,966191,966316,966318,969474,969475,969476,969477,971975,974590,979928,989261,996376 CVE References: CVE-2017-1000410,CVE-2017-11600,CVE-2017-12193,CVE-2017-15115,CVE-2017-15265,CVE-2017-16528,CVE-2017-16536,CVE-2017-16537,CVE-2017-16645,CVE-2017-16646,CVE-2017-16994,CVE-2017-17448,CVE-2017-17449,CVE-2017-17450,CVE-2017-7482,CVE-2017-8824 Sources used: SUSE Linux Enterprise Workstation Extension 12-SP2 (src): kernel-default-4.4.103-92.53.1 SUSE Linux Enterprise Software Development Kit 12-SP2 (src): kernel-docs-4.4.103-92.53.1, kernel-obs-build-4.4.103-92.53.1 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src): kernel-default-4.4.103-92.53.1, kernel-source-4.4.103-92.53.1, kernel-syms-4.4.103-92.53.1 SUSE Linux Enterprise Server 12-SP2 (src): kernel-default-4.4.103-92.53.1, kernel-source-4.4.103-92.53.1, kernel-syms-4.4.103-92.53.1 SUSE Linux Enterprise Live Patching 12 (src): kgraft-patch-SLE12-SP2_Update_16-1-3.3.1 SUSE Linux Enterprise High Availability 12-SP2 (src): kernel-default-4.4.103-92.53.1 SUSE Linux Enterprise Desktop 12-SP2 (src): 
kernel-default-4.4.103-92.53.1, kernel-source-4.4.103-92.53.1, kernel-syms-4.4.103-92.53.1 OpenStack Cloud Magnum Orchestration 7 (src): kernel-default-4.4.103-92.53.1
SUSE-SU-2018:0040-1: An update that solves 32 vulnerabilities and has 7 fixes is now available. Category: security (important) Bug References: 1010175,1034862,1045327,1050231,1052593,1056982,1057179,1057389,1058524,1062520,1063544,1063667,1066295,1066472,1066569,1066573,1066606,1066618,1066625,1066650,1066671,1066693,1066700,1066705,1067085,1068032,1068671,1069702,1069708,1070771,1071074,1071470,1071695,1072561,1072876,1073792,1073874,1074033,999245 CVE References: CVE-2017-1000251,CVE-2017-11600,CVE-2017-13080,CVE-2017-13167,CVE-2017-14106,CVE-2017-14140,CVE-2017-14340,CVE-2017-15102,CVE-2017-15115,CVE-2017-15265,CVE-2017-15274,CVE-2017-15868,CVE-2017-16525,CVE-2017-16527,CVE-2017-16529,CVE-2017-16531,CVE-2017-16534,CVE-2017-16535,CVE-2017-16536,CVE-2017-16537,CVE-2017-16538,CVE-2017-16649,CVE-2017-16939,CVE-2017-17450,CVE-2017-17558,CVE-2017-17805,CVE-2017-17806,CVE-2017-5715,CVE-2017-5753,CVE-2017-5754,CVE-2017-7472,CVE-2017-8824 Sources used: SUSE Linux Enterprise Server 11-SP3-LTSS (src): kernel-bigsmp-3.0.101-0.47.106.11.1, kernel-default-3.0.101-0.47.106.11.1, kernel-ec2-3.0.101-0.47.106.11.1, kernel-pae-3.0.101-0.47.106.11.1, kernel-source-3.0.101-0.47.106.11.1, kernel-syms-3.0.101-0.47.106.11.1, kernel-trace-3.0.101-0.47.106.11.1, kernel-xen-3.0.101-0.47.106.11.1 SUSE Linux Enterprise Server 11-EXTRA (src): kernel-bigsmp-3.0.101-0.47.106.11.1, kernel-default-3.0.101-0.47.106.11.1, kernel-pae-3.0.101-0.47.106.11.1, kernel-ppc64-3.0.101-0.47.106.11.1, kernel-trace-3.0.101-0.47.106.11.1, kernel-xen-3.0.101-0.47.106.11.1 SUSE Linux Enterprise Point of Sale 11-SP3 (src): kernel-default-3.0.101-0.47.106.11.1, kernel-ec2-3.0.101-0.47.106.11.1, kernel-pae-3.0.101-0.47.106.11.1, kernel-source-3.0.101-0.47.106.11.1, kernel-syms-3.0.101-0.47.106.11.1, kernel-trace-3.0.101-0.47.106.11.1, kernel-xen-3.0.101-0.47.106.11.1 SUSE Linux Enterprise Debuginfo 11-SP3 (src): kernel-bigsmp-3.0.101-0.47.106.11.1, kernel-default-3.0.101-0.47.106.11.1, 
kernel-ec2-3.0.101-0.47.106.11.1, kernel-pae-3.0.101-0.47.106.11.1, kernel-trace-3.0.101-0.47.106.11.1, kernel-xen-3.0.101-0.47.106.11.1
released