** Changed in: linux-snapdragon (Ubuntu Precise)
Status: New => Invalid
** Changed in: linux-snapdragon (Ubuntu Precise)
Importance: Undecided => Medium
** Changed in: linux-snapdragon (Ubuntu Wily)
Status: New => Invalid
** Changed in: linux-snapdragon (Ubuntu Wily)
Importance: Undecided => Medium
** Changed in: linux-snapdragon (Ubuntu Xenial)
Status: New => Invalid
** Changed in: linux-snapdragon (Ubuntu Xenial)
Importance: Undecided => Medium
** Changed in: linux-snapdragon (Ubuntu Yakkety)
Status: New => Invalid
** Changed in: linux-snapdragon (Ubuntu Yakkety)
Importance: Undecided => Medium
** Changed in: linux-snapdragon (Ubuntu Trusty)
Status: New => Invalid
** Changed in: linux-snapdragon (Ubuntu Trusty)
Importance: Undecided => Medium
** Description changed:
- A slave timer instance might be still accessible in a racy way while
- operating the master instance as it lacks of locking. Since the master
- operation is mostly protected with timer->lock, we should cope with it
- while changing the slave instance, too.
+ sound/core/timer.c in the Linux kernel before 4.4.1 employs a locking
+ approach that does not consider slave timer instances, which allows
+ local users to cause a denial of service (race condition, use-after-
+ free, and system crash) via a crafted ioctl call.
Break-Fix: - b5a663aa426f4884c71cd8580adae73f33570f0d
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1549190
Title:
CVE-2016-2547
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1549190/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
