Main Vulnerability Database SB2018042050

SB2018042050 - SUSE Linux update for the Linux Kernel

Published: April 20, 2018

Security Bulletin ID SB2018042050

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Memory corruption (CVE-ID: CVE-2018-7566)

The vulnerability allows a local attacker to write arbitrary files on the target system.

The weakness exists due to out-of-bounds write while ALSA sequencer core initializes the event pool on demand by invoking snd_seq_pool_init() when the first write happens and the pool is empty. A local attacker can trigger buffer overflow and use after free and reset the pool size manually via ioctl concurrently and write arbitrary files.

Remediation

Install update from vendor's website.

References

https://lists.opensuse.org/opensuse-security-announce/2018-04/msg00018.html