CVE-2018-10902 - It was found that the raw midi kernel driver does not protect against concurrent access which leads

CVE-2018-10902

Summary

It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl() handler in rawmidi.c file. A malicious local attacker could possibly use this for privilege escalation.

References

Vulnerable Configurations

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

CVSS

Base:	4.6 (as of 12-02-2023 - 23:31)
Impact:
Exploitability:

CWE

CWE-416

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:L/AC:L/Au:N/C:P/I:P/A:P

redhat via4

advisories

bugzilla

id	1590720
title	CVE-2018-10902 kernel: MIDI driver race condition leads to a double-free

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 6 is installed
oval oval:com.redhat.rhba:tst:20111656003

comment kernel earlier than 0:2.6.32-754.11.1.el6 is currently running
oval oval:com.redhat.rhsa:tst:20190415027
comment kernel earlier than 0:2.6.32-754.11.1.el6 is set to boot up on next boot
oval oval:com.redhat.rhsa:tst:20190415028

AND
comment kernel is earlier than 0:2.6.32-754.11.1.el6
oval oval:com.redhat.rhsa:tst:20190415001
comment kernel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20100842002

AND

comment kernel-abi-whitelists is earlier than 0:2.6.32-754.11.1.el6
oval oval:com.redhat.rhsa:tst:20190415003
comment kernel-abi-whitelists is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20131645004

AND

comment kernel-bootwrapper is earlier than 0:2.6.32-754.11.1.el6
oval oval:com.redhat.rhsa:tst:20190415005
comment kernel-bootwrapper is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20100842004

AND

comment kernel-debug is earlier than 0:2.6.32-754.11.1.el6
oval oval:com.redhat.rhsa:tst:20190415007
comment kernel-debug is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20100842006

AND

comment kernel-debug-devel is earlier than 0:2.6.32-754.11.1.el6
oval oval:com.redhat.rhsa:tst:20190415009
comment kernel-debug-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20100842008

AND

comment kernel-devel is earlier than 0:2.6.32-754.11.1.el6
oval oval:com.redhat.rhsa:tst:20190415011
comment kernel-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20100842010

AND

comment kernel-doc is earlier than 0:2.6.32-754.11.1.el6
oval oval:com.redhat.rhsa:tst:20190415013
comment kernel-doc is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20100842012

AND

comment kernel-firmware is earlier than 0:2.6.32-754.11.1.el6
oval oval:com.redhat.rhsa:tst:20190415015
comment kernel-firmware is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20100842014

AND

comment kernel-headers is earlier than 0:2.6.32-754.11.1.el6
oval oval:com.redhat.rhsa:tst:20190415017
comment kernel-headers is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20100842016

AND

comment kernel-kdump is earlier than 0:2.6.32-754.11.1.el6
oval oval:com.redhat.rhsa:tst:20190415019
comment kernel-kdump is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20100842018

AND

comment kernel-kdump-devel is earlier than 0:2.6.32-754.11.1.el6
oval oval:com.redhat.rhsa:tst:20190415021
comment kernel-kdump-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20100842020

AND
comment perf is earlier than 0:2.6.32-754.11.1.el6
oval oval:com.redhat.rhsa:tst:20190415023
comment perf is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20100842022

AND

comment python-perf is earlier than 0:2.6.32-754.11.1.el6
oval oval:com.redhat.rhsa:tst:20190415025
comment python-perf is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20111530024

rhsa

id	RHSA-2019:0415
released	2019-02-26
severity	Important
title	RHSA-2019:0415: kernel security and bug fix update (Important)

rhsa
id RHSA-2018:3083
rhsa
id RHSA-2018:3096
rhsa
id RHSA-2019:0641
rhsa
id RHSA-2019:3217
rhsa
id RHSA-2019:3967

rpms

bpftool-0:3.10.0-957.el7
kernel-0:3.10.0-957.el7
kernel-abi-whitelists-0:3.10.0-957.el7
kernel-bootwrapper-0:3.10.0-957.el7
kernel-debug-0:3.10.0-957.el7
kernel-debug-debuginfo-0:3.10.0-957.el7
kernel-debug-devel-0:3.10.0-957.el7
kernel-debuginfo-0:3.10.0-957.el7
kernel-debuginfo-common-ppc64-0:3.10.0-957.el7
kernel-debuginfo-common-ppc64le-0:3.10.0-957.el7
kernel-debuginfo-common-s390x-0:3.10.0-957.el7
kernel-debuginfo-common-x86_64-0:3.10.0-957.el7
kernel-devel-0:3.10.0-957.el7
kernel-doc-0:3.10.0-957.el7
kernel-headers-0:3.10.0-957.el7
kernel-kdump-0:3.10.0-957.el7
kernel-kdump-debuginfo-0:3.10.0-957.el7
kernel-kdump-devel-0:3.10.0-957.el7
kernel-tools-0:3.10.0-957.el7
kernel-tools-debuginfo-0:3.10.0-957.el7
kernel-tools-libs-0:3.10.0-957.el7
perf-0:3.10.0-957.el7
perf-debuginfo-0:3.10.0-957.el7
python-perf-0:3.10.0-957.el7
python-perf-debuginfo-0:3.10.0-957.el7
kernel-rt-0:3.10.0-957.rt56.910.el7
kernel-rt-debug-0:3.10.0-957.rt56.910.el7
kernel-rt-debug-debuginfo-0:3.10.0-957.rt56.910.el7
kernel-rt-debug-devel-0:3.10.0-957.rt56.910.el7
kernel-rt-debug-kvm-0:3.10.0-957.rt56.910.el7
kernel-rt-debug-kvm-debuginfo-0:3.10.0-957.rt56.910.el7
kernel-rt-debuginfo-0:3.10.0-957.rt56.910.el7
kernel-rt-debuginfo-common-x86_64-0:3.10.0-957.rt56.910.el7
kernel-rt-devel-0:3.10.0-957.rt56.910.el7
kernel-rt-doc-0:3.10.0-957.rt56.910.el7
kernel-rt-kvm-0:3.10.0-957.rt56.910.el7
kernel-rt-kvm-debuginfo-0:3.10.0-957.rt56.910.el7
kernel-rt-trace-0:3.10.0-957.rt56.910.el7
kernel-rt-trace-debuginfo-0:3.10.0-957.rt56.910.el7
kernel-rt-trace-devel-0:3.10.0-957.rt56.910.el7
kernel-rt-trace-kvm-0:3.10.0-957.rt56.910.el7
kernel-rt-trace-kvm-debuginfo-0:3.10.0-957.rt56.910.el7
kernel-0:2.6.32-754.11.1.el6
kernel-abi-whitelists-0:2.6.32-754.11.1.el6
kernel-bootwrapper-0:2.6.32-754.11.1.el6
kernel-debug-0:2.6.32-754.11.1.el6
kernel-debug-debuginfo-0:2.6.32-754.11.1.el6
kernel-debug-devel-0:2.6.32-754.11.1.el6
kernel-debuginfo-0:2.6.32-754.11.1.el6
kernel-debuginfo-common-i686-0:2.6.32-754.11.1.el6
kernel-debuginfo-common-ppc64-0:2.6.32-754.11.1.el6
kernel-debuginfo-common-s390x-0:2.6.32-754.11.1.el6
kernel-debuginfo-common-x86_64-0:2.6.32-754.11.1.el6
kernel-devel-0:2.6.32-754.11.1.el6
kernel-doc-0:2.6.32-754.11.1.el6
kernel-firmware-0:2.6.32-754.11.1.el6
kernel-headers-0:2.6.32-754.11.1.el6
kernel-kdump-0:2.6.32-754.11.1.el6
kernel-kdump-debuginfo-0:2.6.32-754.11.1.el6
kernel-kdump-devel-0:2.6.32-754.11.1.el6
perf-0:2.6.32-754.11.1.el6
perf-debuginfo-0:2.6.32-754.11.1.el6
python-perf-0:2.6.32-754.11.1.el6
python-perf-debuginfo-0:2.6.32-754.11.1.el6
kernel-rt-1:3.10.0-693.46.1.rt56.639.el6rt
kernel-rt-debug-1:3.10.0-693.46.1.rt56.639.el6rt
kernel-rt-debug-debuginfo-1:3.10.0-693.46.1.rt56.639.el6rt
kernel-rt-debug-devel-1:3.10.0-693.46.1.rt56.639.el6rt
kernel-rt-debuginfo-1:3.10.0-693.46.1.rt56.639.el6rt
kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.46.1.rt56.639.el6rt
kernel-rt-devel-1:3.10.0-693.46.1.rt56.639.el6rt
kernel-rt-doc-1:3.10.0-693.46.1.rt56.639.el6rt
kernel-rt-firmware-1:3.10.0-693.46.1.rt56.639.el6rt
kernel-rt-trace-1:3.10.0-693.46.1.rt56.639.el6rt
kernel-rt-trace-debuginfo-1:3.10.0-693.46.1.rt56.639.el6rt
kernel-rt-trace-devel-1:3.10.0-693.46.1.rt56.639.el6rt
kernel-rt-vanilla-1:3.10.0-693.46.1.rt56.639.el6rt
kernel-rt-vanilla-debuginfo-1:3.10.0-693.46.1.rt56.639.el6rt
kernel-rt-vanilla-devel-1:3.10.0-693.46.1.rt56.639.el6rt
kernel-0:4.14.0-115.14.1.el7a
kernel-abi-whitelists-0:4.14.0-115.14.1.el7a
kernel-bootwrapper-0:4.14.0-115.14.1.el7a
kernel-debug-0:4.14.0-115.14.1.el7a
kernel-debug-debuginfo-0:4.14.0-115.14.1.el7a
kernel-debug-devel-0:4.14.0-115.14.1.el7a
kernel-debuginfo-0:4.14.0-115.14.1.el7a
kernel-debuginfo-common-aarch64-0:4.14.0-115.14.1.el7a
kernel-debuginfo-common-ppc64le-0:4.14.0-115.14.1.el7a
kernel-debuginfo-common-s390x-0:4.14.0-115.14.1.el7a
kernel-devel-0:4.14.0-115.14.1.el7a
kernel-doc-0:4.14.0-115.14.1.el7a
kernel-headers-0:4.14.0-115.14.1.el7a
kernel-kdump-0:4.14.0-115.14.1.el7a
kernel-kdump-debuginfo-0:4.14.0-115.14.1.el7a
kernel-kdump-devel-0:4.14.0-115.14.1.el7a
kernel-tools-0:4.14.0-115.14.1.el7a
kernel-tools-debuginfo-0:4.14.0-115.14.1.el7a
kernel-tools-libs-0:4.14.0-115.14.1.el7a
kernel-tools-libs-devel-0:4.14.0-115.14.1.el7a
perf-0:4.14.0-115.14.1.el7a
perf-debuginfo-0:4.14.0-115.14.1.el7a
python-perf-0:4.14.0-115.14.1.el7a
python-perf-debuginfo-0:4.14.0-115.14.1.el7a
kernel-0:3.10.0-862.44.2.el7
kernel-abi-whitelists-0:3.10.0-862.44.2.el7
kernel-bootwrapper-0:3.10.0-862.44.2.el7
kernel-debug-0:3.10.0-862.44.2.el7
kernel-debug-debuginfo-0:3.10.0-862.44.2.el7
kernel-debug-devel-0:3.10.0-862.44.2.el7
kernel-debuginfo-0:3.10.0-862.44.2.el7
kernel-debuginfo-common-ppc64-0:3.10.0-862.44.2.el7
kernel-debuginfo-common-ppc64le-0:3.10.0-862.44.2.el7
kernel-debuginfo-common-s390x-0:3.10.0-862.44.2.el7
kernel-debuginfo-common-x86_64-0:3.10.0-862.44.2.el7
kernel-devel-0:3.10.0-862.44.2.el7
kernel-doc-0:3.10.0-862.44.2.el7
kernel-headers-0:3.10.0-862.44.2.el7
kernel-kdump-0:3.10.0-862.44.2.el7
kernel-kdump-debuginfo-0:3.10.0-862.44.2.el7
kernel-kdump-devel-0:3.10.0-862.44.2.el7
kernel-tools-0:3.10.0-862.44.2.el7
kernel-tools-debuginfo-0:3.10.0-862.44.2.el7
kernel-tools-libs-0:3.10.0-862.44.2.el7
kernel-tools-libs-devel-0:3.10.0-862.44.2.el7
perf-0:3.10.0-862.44.2.el7
perf-debuginfo-0:3.10.0-862.44.2.el7
python-perf-0:3.10.0-862.44.2.el7
python-perf-debuginfo-0:3.10.0-862.44.2.el7

refmap via4

bid	105119
confirm	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10902
debian	DSA-4308
misc	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=39675f7a7c7e7702f7d5341f1e0d01db746543a0
mlist	[debian-lts-announce] 20181003 [SECURITY] [DLA 1531-1] linux-4.9 security update
sectrack	1041529
ubuntu	USN-3776-1 USN-3776-2 USN-3847-1 USN-3847-2 USN-3847-3 USN-3849-1 USN-3849-2

Last major update

12-02-2023 - 23:31

Published

21-08-2018 - 19:29

Last modified

12-02-2023 - 23:31