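Vulnerability Title
ALSA: seq: Fix race condition in snd_seq_timer_open()
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved:
ALSA: seq: Fix the race in snd_seq_timer_open()
The timer instance in each queue is exclusive, so snd_seq_timer_open() should manage concurrent access. It appears to check for an already existing timer instance at the beginning, but this is not correct, because there is no protection, so any later concurrent call of snd_seq_timer_open() can easily overwrite the timer instance. This can lead to an uninitialized access, because the leftover timer instance can keep running while the queue itself is closed, as recently found by syzkaller.
To avoid the race, add a proper check again at the assignment of tmr->timeri, and return -EBUSY if it is already registered.
CVSS Information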
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H
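Vulnerability Category
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Vulnerability Title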
ALSA: seq: Fix race of snd_seq_timer_open()
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved:
ALSA: seq: Fix race of snd_seq_timer_open()
The timer instance per queue is exclusive, and snd_seq_timer_open()
should have managed the concurrent accesses. It looks as if it's
checking the already existing timer instance at the beginning, but
it's not right, because there is no protection, hence any later
concurrent call of snd_seq_timer_open() may override the timer
instance easily. This may result in UAF, as the leftover timer
instance can keep running while the queue itself gets closed, as
spotted by syzkaller recently.
For avoiding the race, add a proper check at the assignment of
tmr->timeri again, and return -EBUSY if it's been already registered.
CVSS Information
N/A
Vulnerability Category
N/A
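Vulnerability Title
Linux kernel security vulnerability
Vulnerability Description
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation (USA). A security vulnerability exists in the Linux kernel, caused by a use-after-free.
CVSS Information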
N/A
Vulnerability Category
Other
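The check-then-assign race in the description above, and the re-check at the assignment that closes it, as an added userspace model. This is not the kernel's code: `open_check`, `open_assign`, `replay` and both structs are hypothetical names, a pthread mutex stands in for the kernel lock, and the losing interleaving is replayed deterministically instead of with real threads.

```c
/* Userspace model of the race described above; hypothetical names, not kernel code. */
#include <errno.h>
#include <pthread.h>
#include <stdio.h>
#include <stdlib.h>
struct timer_inst { int running; };     /* stand-in for a timer instance */
struct seq_timer {
    pthread_mutex_t lock;               /* stand-in for the kernel lock */
    struct timer_inst *timeri;          /* exclusive: one instance per queue */
};
/* Step 1: the unprotected check at the beginning of open. */
static int open_check(struct seq_timer *tmr) { return tmr->timeri ? -EBUSY : 0; }

/* Step 2: create and publish an instance. recheck == 0 assigns unconditionally
 * (racy); recheck != 0 tests the slot again under the lock, -EBUSY if taken. */
static int open_assign(struct seq_timer *tmr, int recheck, struct timer_inst **out)
{
    struct timer_inst *t = calloc(1, sizeof(*t));
    int err = 0;
    if (!t) return -ENOMEM;
    t->running = 1;
    pthread_mutex_lock(&tmr->lock);
    if (recheck && tmr->timeri)
        err = -EBUSY;
    else
        tmr->timeri = t;                /* racy path overwrites a live instance */
    pthread_mutex_unlock(&tmr->lock);
    if (err)
        free(t);                        /* the loser tears down its own instance */
    *out = err ? NULL : t;
    return err;
}
/* Replay the bad interleaving: A and B both pass step 1 before either reaches
 * step 2. Returns B's result; *orphaned is 1 when A's instance is still
 * running although the queue no longer points at it. */
static int replay(int recheck, int *orphaned)
{
    struct seq_timer tmr = { PTHREAD_MUTEX_INITIALIZER, NULL };
    struct timer_inst *a = NULL, *b = NULL;
    int ca = open_check(&tmr), cb = open_check(&tmr);   /* both see an empty slot */
    int ra = open_assign(&tmr, recheck, &a), rb = open_assign(&tmr, recheck, &b);
    *orphaned = (!ca && !cb && !ra && a->running && tmr.timeri != a);
    free(a); free(b);
    return rb;
}
int main(void)
{
    int o1, o2, racy = replay(0, &o1), fixed = replay(1, &o2);
    printf("racy: B=%d orphaned=%d; fixed: B=%d orphaned=%d\n", racy, o1, fixed, o2);
    return 0;
}
```

In the racy replay both callers succeed and the first instance is left running with nothing referring to it, which is the leftover instance the description mentions; with the re-check the second caller gets `-EBUSY` and the first instance stays registered.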