CVE-2018-10902

Priority
Description
It was found that the raw midi kernel driver does not protect against
concurrent access which leads to a double realloc (double free) in
snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part
of snd_rawmidi_ioctl() handler in rawmidi.c file. A malicious local
attacker could possibly use this for privilege escalation.
Ubuntu-Description
It was discovered that a race condition existed in the raw MIDI driver for
the Linux kernel, leading to a double free vulnerability. A local attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code.
Notes
Package
Source: linux (LP Ubuntu Debian)
Upstream:released (4.18~rc6)
Ubuntu 12.04 ESM (Precise Pangolin):ignored (was needed ESM criteria)
Ubuntu 14.04 ESM (Trusty Tahr):released (3.13.0-164.214)
Ubuntu 16.04 LTS (Xenial Xerus):released (4.4.0-137.163)
Ubuntu 18.04 LTS (Bionic Beaver):released (4.15.0-43.46)
Patches:
Introduced by
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Fixed by
39675f7a7c7e7702f7d5341f1e0d01db746543a0
Package
Upstream:released (4.18~rc6)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):released (4.4.0-1031.34)
Ubuntu 16.04 LTS (Xenial Xerus):released (4.4.0-1069.79)
Ubuntu 18.04 LTS (Bionic Beaver):released (4.15.0-1031.33)
Package
Upstream:released (4.18~rc6)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (4.15.0-1031.33~16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Package
Upstream:released (4.18~rc6)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):released (4.15.0-1036.38~14.04.2)
Ubuntu 16.04 LTS (Xenial Xerus):released (4.15.0-1036.38~16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver):released (4.15.0-1036.38)
Package
Upstream:released (4.18~rc6)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (4.18.0-1006.6~16.04.2)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (4.18.0-1006.6~18.04.1)
Package
Upstream:released (4.18~rc6)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):ignored (was needed ESM criteria)
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Package
Upstream:released (4.18~rc6)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was ignored [abandoned])
Ubuntu 16.04 LTS (Xenial Xerus):ignored (abandoned)
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Package
Upstream:released (4.18~rc6)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (4.15.0-1026.27~16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver):released (4.15.0-1026.27)
Package
Upstream:released (4.18~rc6)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (4.18.0-1004.5~18.04.1)
Package
Upstream:released (4.18~rc6)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):ignored (end-of-life)
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Package
Upstream:released (4.18~rc6)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was ignored [abandoned])
Ubuntu 16.04 LTS (Xenial Xerus):ignored (end-of-life)
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Package
Upstream:released (4.18~rc6)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was ignored [abandoned])
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Package
Upstream:released (4.18~rc6)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (4.15.0-43.46~16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (4.18.0-13.14~18.04.1)
Package
Upstream:released (4.18~rc6)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (4.15.0-43.46~16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (4.18.0-13.14~18.04.1)
Package
Upstream:released (4.18~rc6)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (4.4.0-1035.41)
Ubuntu 18.04 LTS (Bionic Beaver):released (4.15.0-1028.28)
Package
Upstream:released (4.18~rc6)
Ubuntu 12.04 ESM (Precise Pangolin):released (3.13.0-164.214~precise1)
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Package
Upstream:released (4.18~rc6)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was ignored [out of standard support])
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Package
Upstream:released (4.18~rc6)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was ignored [out of standard support])
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Package
Upstream:released (4.18~rc6)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was ignored [out of standard support])
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Package
Upstream:released (4.18~rc6)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):released (4.4.0-137.163~14.04.1)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Package
Upstream:released (4.18~rc6)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was ignored [abandoned])
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Package
Upstream:released (4.18~rc6)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was ignored [abandoned])
Ubuntu 16.04 LTS (Xenial Xerus):ignored (abandoned)
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Package
Upstream:released (4.18~rc6)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was ignored [abandoned])
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Package
Upstream:released (4.18~rc6)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):ignored (was needed now end-of-life)
Ubuntu 18.04 LTS (Bionic Beaver):released (4.15.0-1030.35)
Package
Upstream:released (4.18~rc6)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (4.15.0-1007.9~16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (4.15.0-1007.9)
Package
Upstream:released (4.18~rc6)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (4.4.0-1098.106)
Ubuntu 18.04 LTS (Bionic Beaver):released (4.15.0-1030.32)
Package
Upstream:released (4.18~rc6)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (4.4.0-1102.107)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected
More Information

Updated: 2020-03-18 22:51:04 UTC (commit 2ea7df7bd1e69e1e489978d2724a936eb3faa1b8)