CVE-2017-16528 in Ubuntu

CVE-2017-16528

Priority

Description

sound/core/seq_device.c in the Linux kernel before 4.13.4 allows local
users to cause a denial of service (snd_rawmidi_dev_seq_free use-after-free
and system crash) or possibly have unspecified other impact via a crafted
USB device.

Ubuntu-Description

It was discovered that the Advanced Linux Sound Architecture (ALSA)
subsystem in the Linux kernel contained a use-after-free when handling
device removal. A physically proximate attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16528
https://github.com/torvalds/linux/commit/fc27fe7e8deef2f37cba3f2be2d52b6ca5eb9d57
https://groups.google.com/d/msg/syzkaller/kuZzDHGkQu8/5du20rZEAAAJ
https://ubuntu.com/security/notices/USN-3619-1
https://ubuntu.com/security/notices/USN-3619-2

Notes

Package

Source: linux (LP Ubuntu Debian)

Upstream:	released (4.14~rc1)
Ubuntu 18.04 LTS:	not-affected (4.13.0-16.19)
Ubuntu 16.04 ESM:	released (4.4.0-119.143)
Ubuntu 14.04 ESM:	not-affected

Patches:

Introduced by

68ab61084de3220e2fb0a698c890ba91decddc85

Fixed by

fc27fe7e8deef2f37cba3f2be2d52b6ca5eb9d57

Package

Source: linux-armadaxp (LP Ubuntu Debian)

Upstream:	released (4.14~rc1)
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

This package is not directly supported by the Ubuntu Security Team

Package

Source: linux-aws (LP Ubuntu Debian)

Upstream:	released (4.14~rc1)
Ubuntu 18.04 LTS:	not-affected (4.15.0-1001.1)
Ubuntu 16.04 ESM:	released (4.4.0-1054.63)
Ubuntu 14.04 ESM:	released (4.4.0-1016.16)

Patches:

Package

Source: linux-azure (LP Ubuntu Debian)

Upstream:	released (4.14~rc1)
Ubuntu 18.04 LTS:	not-affected (4.15.0-1002.2)
Ubuntu 16.04 ESM:	released (4.13.0-1005.7)
Ubuntu 14.04 ESM:	not-affected (4.15.0-1023.24~14.04.1)

Patches:

Package

Source: linux-euclid (LP Ubuntu Debian)

Upstream:	released (4.14~rc1)
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-flo (LP Ubuntu Debian)

Upstream:	released (4.14~rc1)
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE (trusty was ignored [abandoned])

Patches:

Package

Source: linux-gcp (LP Ubuntu Debian)

Upstream:	released (4.14~rc1)
Ubuntu 18.04 LTS:	not-affected (4.15.0-1001.1)
Ubuntu 16.04 ESM:	released (4.13.0-1002.5)
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-gke (LP Ubuntu Debian)

Upstream:	released (4.14~rc1)
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-goldfish (LP Ubuntu Debian)

Upstream:	released (4.14~rc1)
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE (trusty was ignored [abandoned])

Patches:

Package

Source: linux-grouper (LP Ubuntu Debian)

Upstream:	released (4.14~rc1)
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE (trusty was ignored [abandoned])

Patches:

Package

Source: linux-hwe (LP Ubuntu Debian)

Upstream:	released (4.14~rc1)
Ubuntu 18.04 LTS:	not-affected
Ubuntu 16.04 ESM:	released (4.13.0-26.29~16.04.2)
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-hwe-edge (LP Ubuntu Debian)

Upstream:	released (4.14~rc1)
Ubuntu 18.04 LTS:	released (4.18.0-8.9~18.04.1)
Ubuntu 16.04 ESM:	released (4.13.0-26.29~16.04.2)
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-kvm (LP Ubuntu Debian)

Upstream:	released (4.14~rc1)
Ubuntu 18.04 LTS:	not-affected (4.15.0-1002.2)
Ubuntu 16.04 ESM:	released (4.4.0-1020.25)
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-linaro-omap (LP Ubuntu Debian)

Upstream:	released (4.14~rc1)
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-linaro-shared (LP Ubuntu Debian)

Upstream:	released (4.14~rc1)
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-linaro-vexpress (LP Ubuntu Debian)

Upstream:	released (4.14~rc1)
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-lts-quantal (LP Ubuntu Debian)

Upstream:	released (4.14~rc1)
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

This package is not directly supported by the Ubuntu Security Team

Package

Source: linux-lts-raring (LP Ubuntu Debian)

Upstream:	released (4.14~rc1)
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-lts-saucy (LP Ubuntu Debian)

Upstream:	released (4.14~rc1)
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

This package is not directly supported by the Ubuntu Security Team

Package

Source: linux-lts-trusty (LP Ubuntu Debian)

Upstream:	released (4.14~rc1)
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-lts-utopic (LP Ubuntu Debian)

Upstream:	released (4.14~rc1)
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE (trusty was ignored [out of standard support])

Patches:

Package

Source: linux-lts-vivid (LP Ubuntu Debian)

Upstream:	released (4.14~rc1)
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE (trusty was ignored [was needs-triage now end-of-life])

Patches:

Package

Source: linux-lts-wily (LP Ubuntu Debian)

Upstream:	released (4.14~rc1)
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE (trusty was ignored [out of standard support])

Patches:

Package

Source: linux-lts-xenial (LP Ubuntu Debian)

Upstream:	released (4.14~rc1)
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	released (4.4.0-119.143~14.04.1)

Patches:

Package

Source: linux-maguro (LP Ubuntu Debian)

Upstream:	released (4.14~rc1)
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE (trusty was ignored [abandoned])

Patches:

Package

Source: linux-mako (LP Ubuntu Debian)

Upstream:	released (4.14~rc1)
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE (trusty was ignored [abandoned])

Patches:

Package

Source: linux-manta (LP Ubuntu Debian)

Upstream:	released (4.14~rc1)
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE (trusty was ignored [abandoned])

Patches:

Package

Source: linux-oem (LP Ubuntu Debian)

Upstream:	released (4.14~rc1)
Ubuntu 18.04 LTS:	not-affected (4.15.0-1002.3)
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-qcm-msm (LP Ubuntu Debian)

Upstream:	released (4.14~rc1)
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-raspi2 (LP Ubuntu Debian)

Upstream:	released (4.14~rc1)
Ubuntu 18.04 LTS:	not-affected (4.13.0-1005.5)
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-snapdragon (LP Ubuntu Debian)

Upstream:	released (4.14~rc1)
Ubuntu 18.04 LTS:	not-affected
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-ti-omap4 (LP Ubuntu Debian)

Upstream:	released (4.14~rc1)
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

More Information

Updated: 2022-04-13 12:56:58 UTC (commit f411bd370d482ef4385c4e751d121a4055fbc009)