ID CVE-2018-10902
Summary It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl() handler in rawmidi.c file. A malicious local attacker could possibly use this for privilege escalation.
References
Vulnerable Configurations
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
CVSS
Base: 4.6 (as of 09-10-2019 - 23:33)
Impact:
Exploitability:
CWE CWE-415
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:L/AC:L/Au:N/C:P/I:P/A:P
redhat via4
advisories
  • bugzilla
    id 1590720
    title CVE-2018-10902 kernel: MIDI driver race condition leads to a double-free
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 6 is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • OR
        • comment kernel earlier than 0:2.6.32-754.11.1.el6 is currently running
          oval oval:com.redhat.rhsa:tst:20190415027
        • comment kernel earlier than 0:2.6.32-754.11.1.el6 is set to boot up on next boot
          oval oval:com.redhat.rhsa:tst:20190415028
      • OR
        • AND
          • comment kernel is earlier than 0:2.6.32-754.11.1.el6
            oval oval:com.redhat.rhsa:tst:20190415001
          • comment kernel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100842002
        • AND
          • comment kernel-abi-whitelists is earlier than 0:2.6.32-754.11.1.el6
            oval oval:com.redhat.rhsa:tst:20190415003
          • comment kernel-abi-whitelists is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20131645004
        • AND
          • comment kernel-bootwrapper is earlier than 0:2.6.32-754.11.1.el6
            oval oval:com.redhat.rhsa:tst:20190415005
          • comment kernel-bootwrapper is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100842004
        • AND
          • comment kernel-debug is earlier than 0:2.6.32-754.11.1.el6
            oval oval:com.redhat.rhsa:tst:20190415007
          • comment kernel-debug is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100842006
        • AND
          • comment kernel-debug-devel is earlier than 0:2.6.32-754.11.1.el6
            oval oval:com.redhat.rhsa:tst:20190415009
          • comment kernel-debug-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100842008
        • AND
          • comment kernel-devel is earlier than 0:2.6.32-754.11.1.el6
            oval oval:com.redhat.rhsa:tst:20190415011
          • comment kernel-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100842010
        • AND
          • comment kernel-doc is earlier than 0:2.6.32-754.11.1.el6
            oval oval:com.redhat.rhsa:tst:20190415013
          • comment kernel-doc is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100842012
        • AND
          • comment kernel-firmware is earlier than 0:2.6.32-754.11.1.el6
            oval oval:com.redhat.rhsa:tst:20190415015
          • comment kernel-firmware is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100842014
        • AND
          • comment kernel-headers is earlier than 0:2.6.32-754.11.1.el6
            oval oval:com.redhat.rhsa:tst:20190415017
          • comment kernel-headers is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100842016
        • AND
          • comment kernel-kdump is earlier than 0:2.6.32-754.11.1.el6
            oval oval:com.redhat.rhsa:tst:20190415019
          • comment kernel-kdump is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100842018
        • AND
          • comment kernel-kdump-devel is earlier than 0:2.6.32-754.11.1.el6
            oval oval:com.redhat.rhsa:tst:20190415021
          • comment kernel-kdump-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100842020
        • AND
          • comment perf is earlier than 0:2.6.32-754.11.1.el6
            oval oval:com.redhat.rhsa:tst:20190415023
          • comment perf is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100842022
        • AND
          • comment python-perf is earlier than 0:2.6.32-754.11.1.el6
            oval oval:com.redhat.rhsa:tst:20190415025
          • comment python-perf is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20111530024
    rhsa
    id RHSA-2019:0415
    released 2019-02-26
    severity Important
    title RHSA-2019:0415: kernel security and bug fix update (Important)
  • rhsa
    id RHSA-2018:3083
  • rhsa
    id RHSA-2018:3096
  • rhsa
    id RHSA-2019:0641
  • rhsa
    id RHSA-2019:3217
  • rhsa
    id RHSA-2019:3967
rpms
  • bpftool-0:3.10.0-957.el7
  • kernel-0:3.10.0-957.el7
  • kernel-abi-whitelists-0:3.10.0-957.el7
  • kernel-bootwrapper-0:3.10.0-957.el7
  • kernel-debug-0:3.10.0-957.el7
  • kernel-debug-debuginfo-0:3.10.0-957.el7
  • kernel-debug-devel-0:3.10.0-957.el7
  • kernel-debuginfo-0:3.10.0-957.el7
  • kernel-debuginfo-common-ppc64-0:3.10.0-957.el7
  • kernel-debuginfo-common-ppc64le-0:3.10.0-957.el7
  • kernel-debuginfo-common-s390x-0:3.10.0-957.el7
  • kernel-debuginfo-common-x86_64-0:3.10.0-957.el7
  • kernel-devel-0:3.10.0-957.el7
  • kernel-doc-0:3.10.0-957.el7
  • kernel-headers-0:3.10.0-957.el7
  • kernel-kdump-0:3.10.0-957.el7
  • kernel-kdump-debuginfo-0:3.10.0-957.el7
  • kernel-kdump-devel-0:3.10.0-957.el7
  • kernel-tools-0:3.10.0-957.el7
  • kernel-tools-debuginfo-0:3.10.0-957.el7
  • kernel-tools-libs-0:3.10.0-957.el7
  • kernel-tools-libs-devel-0:3.10.0-957.el7
  • perf-0:3.10.0-957.el7
  • perf-debuginfo-0:3.10.0-957.el7
  • python-perf-0:3.10.0-957.el7
  • python-perf-debuginfo-0:3.10.0-957.el7
  • kernel-rt-0:3.10.0-957.rt56.910.el7
  • kernel-rt-debug-0:3.10.0-957.rt56.910.el7
  • kernel-rt-debug-debuginfo-0:3.10.0-957.rt56.910.el7
  • kernel-rt-debug-devel-0:3.10.0-957.rt56.910.el7
  • kernel-rt-debug-kvm-0:3.10.0-957.rt56.910.el7
  • kernel-rt-debug-kvm-debuginfo-0:3.10.0-957.rt56.910.el7
  • kernel-rt-debuginfo-0:3.10.0-957.rt56.910.el7
  • kernel-rt-debuginfo-common-x86_64-0:3.10.0-957.rt56.910.el7
  • kernel-rt-devel-0:3.10.0-957.rt56.910.el7
  • kernel-rt-doc-0:3.10.0-957.rt56.910.el7
  • kernel-rt-kvm-0:3.10.0-957.rt56.910.el7
  • kernel-rt-kvm-debuginfo-0:3.10.0-957.rt56.910.el7
  • kernel-rt-trace-0:3.10.0-957.rt56.910.el7
  • kernel-rt-trace-debuginfo-0:3.10.0-957.rt56.910.el7
  • kernel-rt-trace-devel-0:3.10.0-957.rt56.910.el7
  • kernel-rt-trace-kvm-0:3.10.0-957.rt56.910.el7
  • kernel-rt-trace-kvm-debuginfo-0:3.10.0-957.rt56.910.el7
  • kernel-0:2.6.32-754.11.1.el6
  • kernel-abi-whitelists-0:2.6.32-754.11.1.el6
  • kernel-bootwrapper-0:2.6.32-754.11.1.el6
  • kernel-debug-0:2.6.32-754.11.1.el6
  • kernel-debug-debuginfo-0:2.6.32-754.11.1.el6
  • kernel-debug-devel-0:2.6.32-754.11.1.el6
  • kernel-debuginfo-0:2.6.32-754.11.1.el6
  • kernel-debuginfo-common-i686-0:2.6.32-754.11.1.el6
  • kernel-debuginfo-common-ppc64-0:2.6.32-754.11.1.el6
  • kernel-debuginfo-common-s390x-0:2.6.32-754.11.1.el6
  • kernel-debuginfo-common-x86_64-0:2.6.32-754.11.1.el6
  • kernel-devel-0:2.6.32-754.11.1.el6
  • kernel-doc-0:2.6.32-754.11.1.el6
  • kernel-firmware-0:2.6.32-754.11.1.el6
  • kernel-headers-0:2.6.32-754.11.1.el6
  • kernel-kdump-0:2.6.32-754.11.1.el6
  • kernel-kdump-debuginfo-0:2.6.32-754.11.1.el6
  • kernel-kdump-devel-0:2.6.32-754.11.1.el6
  • perf-0:2.6.32-754.11.1.el6
  • perf-debuginfo-0:2.6.32-754.11.1.el6
  • python-perf-0:2.6.32-754.11.1.el6
  • python-perf-debuginfo-0:2.6.32-754.11.1.el6
  • kernel-rt-1:3.10.0-693.46.1.rt56.639.el6rt
  • kernel-rt-debug-1:3.10.0-693.46.1.rt56.639.el6rt
  • kernel-rt-debug-debuginfo-1:3.10.0-693.46.1.rt56.639.el6rt
  • kernel-rt-debug-devel-1:3.10.0-693.46.1.rt56.639.el6rt
  • kernel-rt-debuginfo-1:3.10.0-693.46.1.rt56.639.el6rt
  • kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.46.1.rt56.639.el6rt
  • kernel-rt-devel-1:3.10.0-693.46.1.rt56.639.el6rt
  • kernel-rt-doc-1:3.10.0-693.46.1.rt56.639.el6rt
  • kernel-rt-firmware-1:3.10.0-693.46.1.rt56.639.el6rt
  • kernel-rt-trace-1:3.10.0-693.46.1.rt56.639.el6rt
  • kernel-rt-trace-debuginfo-1:3.10.0-693.46.1.rt56.639.el6rt
  • kernel-rt-trace-devel-1:3.10.0-693.46.1.rt56.639.el6rt
  • kernel-rt-vanilla-1:3.10.0-693.46.1.rt56.639.el6rt
  • kernel-rt-vanilla-debuginfo-1:3.10.0-693.46.1.rt56.639.el6rt
  • kernel-rt-vanilla-devel-1:3.10.0-693.46.1.rt56.639.el6rt
  • kernel-0:4.14.0-115.14.1.el7a
  • kernel-abi-whitelists-0:4.14.0-115.14.1.el7a
  • kernel-bootwrapper-0:4.14.0-115.14.1.el7a
  • kernel-debug-0:4.14.0-115.14.1.el7a
  • kernel-debug-debuginfo-0:4.14.0-115.14.1.el7a
  • kernel-debug-devel-0:4.14.0-115.14.1.el7a
  • kernel-debuginfo-0:4.14.0-115.14.1.el7a
  • kernel-debuginfo-common-aarch64-0:4.14.0-115.14.1.el7a
  • kernel-debuginfo-common-ppc64le-0:4.14.0-115.14.1.el7a
  • kernel-debuginfo-common-s390x-0:4.14.0-115.14.1.el7a
  • kernel-devel-0:4.14.0-115.14.1.el7a
  • kernel-doc-0:4.14.0-115.14.1.el7a
  • kernel-headers-0:4.14.0-115.14.1.el7a
  • kernel-kdump-0:4.14.0-115.14.1.el7a
  • kernel-kdump-debuginfo-0:4.14.0-115.14.1.el7a
  • kernel-kdump-devel-0:4.14.0-115.14.1.el7a
  • kernel-tools-0:4.14.0-115.14.1.el7a
  • kernel-tools-debuginfo-0:4.14.0-115.14.1.el7a
  • kernel-tools-libs-0:4.14.0-115.14.1.el7a
  • kernel-tools-libs-devel-0:4.14.0-115.14.1.el7a
  • perf-0:4.14.0-115.14.1.el7a
  • perf-debuginfo-0:4.14.0-115.14.1.el7a
  • python-perf-0:4.14.0-115.14.1.el7a
  • python-perf-debuginfo-0:4.14.0-115.14.1.el7a
  • kernel-0:3.10.0-862.44.2.el7
  • kernel-abi-whitelists-0:3.10.0-862.44.2.el7
  • kernel-bootwrapper-0:3.10.0-862.44.2.el7
  • kernel-debug-0:3.10.0-862.44.2.el7
  • kernel-debug-debuginfo-0:3.10.0-862.44.2.el7
  • kernel-debug-devel-0:3.10.0-862.44.2.el7
  • kernel-debuginfo-0:3.10.0-862.44.2.el7
  • kernel-debuginfo-common-ppc64-0:3.10.0-862.44.2.el7
  • kernel-debuginfo-common-ppc64le-0:3.10.0-862.44.2.el7
  • kernel-debuginfo-common-s390x-0:3.10.0-862.44.2.el7
  • kernel-debuginfo-common-x86_64-0:3.10.0-862.44.2.el7
  • kernel-devel-0:3.10.0-862.44.2.el7
  • kernel-doc-0:3.10.0-862.44.2.el7
  • kernel-headers-0:3.10.0-862.44.2.el7
  • kernel-kdump-0:3.10.0-862.44.2.el7
  • kernel-kdump-debuginfo-0:3.10.0-862.44.2.el7
  • kernel-kdump-devel-0:3.10.0-862.44.2.el7
  • kernel-tools-0:3.10.0-862.44.2.el7
  • kernel-tools-debuginfo-0:3.10.0-862.44.2.el7
  • kernel-tools-libs-0:3.10.0-862.44.2.el7
  • kernel-tools-libs-devel-0:3.10.0-862.44.2.el7
  • perf-0:3.10.0-862.44.2.el7
  • perf-debuginfo-0:3.10.0-862.44.2.el7
  • python-perf-0:3.10.0-862.44.2.el7
  • python-perf-debuginfo-0:3.10.0-862.44.2.el7
refmap via4
bid 105119
confirm https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10902
debian DSA-4308
misc https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=39675f7a7c7e7702f7d5341f1e0d01db746543a0
mlist [debian-lts-announce] 20181003 [SECURITY] [DLA 1531-1] linux-4.9 security update
sectrack 1041529
ubuntu
  • USN-3776-1
  • USN-3776-2
  • USN-3847-1
  • USN-3847-2
  • USN-3847-3
  • USN-3849-1
  • USN-3849-2
Last major update 09-10-2019 - 23:33
Published 21-08-2018 - 19:29
Last modified 09-10-2019 - 23:33
Back to Top