A local privilege escalation vulnerability has been discovered in the Linux kernel.
The flaw (CVE-2017-15265) is in ALSA (Advanced Linux Sound Architecture), a software framework included in the Linux kernel that provides an API for sound card drivers.
The issue occurs because the kernel ALSA code allowed an attacker to call a function, take its output, and still use that output in a different function after the underlying object has been deleted. This is called a use-after-free vulnerability, which is a known attack vector and a common memory management issue.
A successful exploit could enable the attacker to obtain elevated privileges on the targeted system.
According to the researchers:
“There is a potential race window opened at creating and deleting a port via ioctl, as spotted by fuzzing. snd_seq_create_port() creates a port object and returns its pointer, but it doesn’t take the refcount, thus it can be deleted immediately by another thread. Meanwhile, snd_seq_ioctl_create_port() still calls the function snd_seq_system_client_ev_port_start() with the created port object that is being deleted, and this triggers use-after-free”
The issue has been fixed in Linux kernel version 4.13.4-2; it was fixed simply by taking the refcount correctly at “snd_seq_create_port()” and letting the caller unref the object after use.
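
The fix pattern described above, modelled in user space as an added example (it is not the kernel's code and not part of the original article). The names `port_create`, `port_delete`, `port_put` and `create_then_notify` are hypothetical, and the race is replayed in a fixed order rather than with real threads.

```c
#include <stdatomic.h>
#include <stdlib.h>

/* User-space model; all names here are illustrative, not the kernel's. */
struct port { atomic_int refs; int id; };
static struct port *port_list;  /* one-slot stand-in for the client's port list */
static int ports_freed;         /* lets the demo observe when free() ran */

static void port_put(struct port *p)
{
    if (atomic_fetch_sub(&p->refs, 1) == 1) {  /* last reference dropped */
        free(p);
        ports_freed++;
    }
}

/* Fixed pattern: the port is returned with a reference held for the caller. */
static struct port *port_create(int id)
{
    struct port *p = malloc(sizeof(*p));
    if (!p)
        return NULL;
    p->id = id;
    atomic_init(&p->refs, 2);   /* list reference + caller reference */
    port_list = p;
    return p;
}

/* What a concurrent delete does: unlink, then drop the list reference. */
static void port_delete(void)
{
    struct port *p = port_list;
    port_list = NULL;
    if (p)
        port_put(p);
}

/* Replays the racy interleaving in a fixed order; returns the id read. */
static int create_then_notify(int id)
{
    struct port *p = port_create(id);
    if (!p)
        return -1;
    port_delete();          /* the "other thread" wins the race here */
    int seen = p->id;       /* still valid: the caller's reference pins it */
    port_put(p);            /* caller unrefs after use; freed only now */
    return seen;
}

int main(void) { return create_then_notify(7) == 7 ? 0 : 1; }
```

If `port_create` initialised the count to 1 instead, the `port_delete` call would free the object and the following read of `p->id` would be the use-after-free the quote describes.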