Oh no, you're thinking, yet another cookie pop-up. Well, sorry, it's the law. We measure how many people read us, and ensure you see relevant ads, by storing cookies on your device. If you're cool with that, hit “Accept all Cookies”. For more info and to customize your settings, hit “Customize Settings”.

Review and manage your consent

Here's an overview of our use of cookies, similar technologies and how to manage them. You can also change your choices at any time, by hitting the “Your Consent Options” link on the site's footer.

Manage Cookie Preferences
  • These cookies are strictly necessary so that you can navigate the site as normal and use all features. Without these cookies we cannot provide you with the service that you expect.

  • These cookies are used to make advertising messages more relevant to you. They perform functions like preventing the same ad from continuously reappearing, ensuring that ads are properly displayed for advertisers, and in some cases selecting advertisements that are based on your interests.

  • These cookies collect information in aggregate form to help us understand how our websites are being used. They allow us to count visits and traffic sources so that we can measure and improve the performance of our sites. If people say no to these cookies, we do not know how many people have visited and we cannot monitor performance.

See also our Cookie policy and Privacy policy.

This article is more than 1 year old

Sounds painful: Audio code bug lets users, apps get root on Linux

Cisco discusses Advanced Linux Sound Architecture mess before formal CVE release

An advisory from Cisco issued last Friday, October 13th gave us the heads-up on a local privilege escalation vulnerability in the Advanced Linux Sound Architecture (ALSA).

The bug is designated CVE-2017-15265, but its Mitre entry was still marked “reserved” at the time of writing. Cisco, however, had this to say about it before release:

“The vulnerability is due to a use-after-free memory error in the ALSA sequencer interface of the affected application. An attacker could exploit this vulnerability by running a crafted application on a targeted system. A successful exploit could allow the attacker to gain elevated privileges on the targeted system.”

The bug can be potentially exploited by malicious software running on a vulnerable box, or logged-in users, to gain root-level control of the system. A patch for the programming blunder was publicly merged earlier this month into the ALSA git tree, according to this discussion at SUSE's Bugzilla.

Turned up by ADLab of Venustech, the use-after-free vulnerability is triggered by a slip-up in snd_seq_create_port().

That routine “creates a port object and returns its pointer, but it doesn't take the refcount, thus it can be deleted immediately by another thread. Meanwhile, snd_seq_ioctl_create_port() still calls the function snd_seq_system_client_ev_port_start() with the created port object that is being deleted, and this triggers use-after-free”.

While it's only exploitable locally, the privilege escalation is what earned the bug a “high” severity rating, and of course everybody using a downstream distribution that embeds the vulnerable ALSA will have to push patches. ®

Similar topics

Similar topics

Similar topics

TIP US OFF

Send us news


Other stories you might like