Bugzilla – Bug 1046601
VUL-1: CVE-2017-9985: kernel: DoS in snd_msndmidi_input_read function in sound/isa/msnd/msnd_midi.c
Last modified: 2019-05-29 07:48:54 UTC
The snd_msndmidi_input_read function in sound/isa/msnd/msnd_midi.c in the Linux
kernel through 4.11.7 allows local users to cause a denial of service
(over-boundary access) or possibly have unspecified other impact by changing the
value of a message queue head pointer between two kernel reads of that value,
aka a "double fetch" vulnerability.
It's a legacy ISA driver, and it's not supported. Thus it affects at most up to SLE11 Desktop. SLE12+ aren't affected.
IMO, this is no real security problem. See bsc#1046599.
So I push back this as WONTFIX as a non-security issue.
I'm going to address it in the upstream, but it's not worth for backporting.