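Vulnerability Title
ALSA: timer: Set lower bound of start tick time
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved:
ALSA: timer: Set lower bound of start tick time
Currently the ALSA timer has no lower limit on the start tick time, and it allows a very small size, e.g. 1 tick with 1ns resolution for hrtimer. Such a situation may lead to an unexpected RCU stall, where the callback repeatedly queues the expire update, as reported by a fuzzer.
This patch introduces a sanity check of the timer start tick time, so that the system returns an error when a too small start size is set. As of this patch, the lower limit is hard-coded to 100us, which is small enough but can still work somehow.
CVSS Information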
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Vulnerability Category
Allocation of Resources Without Limits or Throttling
Vulnerability Title
ALSA: timer: Set lower bound of start tick time
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved:
ALSA: timer: Set lower bound of start tick time
Currently ALSA timer doesn't have the lower limit of the start tick
time, and it allows a very small size, e.g. 1 tick with 1ns resolution
for hrtimer. Such a situation may lead to an unexpected RCU stall,
where the callback repeatedly queues the expire update, as reported
by a fuzzer.
This patch introduces a sanity check of the timer start tick time, so
that the system returns an error when a too small start size is set.
As of this patch, the lower limit is hard-coded to 100us, which is
small enough but can still work somehow.
CVSS Information
N/A
Vulnerability Category
N/A
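Vulnerability Title
Linux kernel security vulnerability
Vulnerability Description
The Linux kernel is the kernel used by Linux, the open-source operating system of the Linux Foundation (USA). A security vulnerability exists in the Linux kernel; it stems from the ALSA timer having no lower bound on the start time.
CVSS Information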
N/A
Vulnerability Category
Other