** Changed in: linux-snapdragon (Ubuntu Precise)
Status: New => Invalid
** Changed in: linux-snapdragon (Ubuntu Precise)
Importance: Undecided => Medium
** Changed in: linux-snapdragon (Ubuntu Wily)
Status: New => Invalid
** Changed in: linux-snapdragon (Ubuntu Wily)
Importance: Undecided => Medium
** Changed in: linux-snapdragon (Ubuntu Xenial)
Status: New => Invalid
** Changed in: linux-snapdragon (Ubuntu Xenial)
Importance: Undecided => Medium
** Changed in: linux-snapdragon (Ubuntu Yakkety)
Status: New => Invalid
** Changed in: linux-snapdragon (Ubuntu Yakkety)
Importance: Undecided => Medium
** Changed in: linux-snapdragon (Ubuntu Trusty)
Status: New => Invalid
** Changed in: linux-snapdragon (Ubuntu Trusty)
Importance: Undecided => Medium
** Description changed:
- snd_seq_ioctl_remove_events() calls snd_seq_fifo_clear() unconditionally
- even if there is no FIFO assigned, and this leads to an Oops due to NULL
- dereference.
+ The snd_seq_ioctl_remove_events function in
+ sound/core/seq/seq_clientmgr.c in the Linux kernel before 4.4.1 does not
+ verify FIFO assignment before proceeding with FIFO clearing, which
+ allows local users to cause a denial of service (NULL pointer
+ dereference and OOPS) via a crafted ioctl call.
Break-Fix: - 030e2c78d3a91dd0d27fef37e91950dde333eba1
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1549181
Title:
CVE-2016-2543
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1549181/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
