[SRU][J/K][PATCH 0/1] CVE-2023-0266
Yuxuan Luo
yuxuan.luo at canonical.com
Tue Feb 14 23:56:37 UTC 2023
[Impact]
There exists a vulnerability triggering trace in ALSA PCM package for
specifically 32-bit machines which consequences in calling a sequence sensitive
function without a lock. This issue may lead to a use-after-free that results
in a priviledge escalation.
[Backport]
Clean cherry pick on both releases.
[Test]
Compile and smoke tested.
[Potential Regression]
Potential regression resides in `control.c` and `control_compat.c` files with
likely low risk.
Clement Lecigne (1):
ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF
sound/core/control.c | 24 +++++++++++++++---------
1 file changed, 15 insertions(+), 9 deletions(-)
--
2.34.1
More information about the kernel-team
mailing list