** Changed in: linux-snapdragon (Ubuntu Precise)
Status: New => Invalid
** Changed in: linux-snapdragon (Ubuntu Precise)
Importance: Undecided => Medium
** Changed in: linux-snapdragon (Ubuntu Wily)
Status: New => Invalid
** Changed in: linux-snapdragon (Ubuntu Wily)
Importance: Undecided => Medium
** Changed in: linux-snapdragon (Ubuntu Xenial)
Status: New => Invalid
** Changed in: linux-snapdragon (Ubuntu Xenial)
Importance: Undecided => Medium
** Changed in: linux-snapdragon (Ubuntu Yakkety)
Status: New => Invalid
** Changed in: linux-snapdragon (Ubuntu Yakkety)
Importance: Undecided => Medium
** Changed in: linux-snapdragon (Ubuntu Trusty)
Status: New => Invalid
** Changed in: linux-snapdragon (Ubuntu Trusty)
Importance: Undecided => Medium
** Description changed:
- ALSA timer instance object has a couple of linked lists and they are
- unlinked unconditionally at snd_timer_stop(). Meanwhile
- snd_timer_interrupt() unlinks it, but it calls list_del() which leaves
- the element list itself unchanged. This ends up with unlinking twice,
- and it was caught by syzkaller fuzzer.
+ The snd_timer_interrupt function in sound/core/timer.c in the Linux
+ kernel before 4.4.1 does not properly maintain a certain linked list,
+ which allows local users to cause a denial of service (race condition
+ and system crash) via a crafted ioctl call.
Break-Fix: - ee8413b01045c74340aa13ad5bdf905de32be736
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1549184
Title:
CVE-2016-2545
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1549184/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
