CVE-2018-10902
Description
It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl() handler in rawmidi.c file. A malicious local attacker could possibly use this for privilege escalation.
Risk Information
Base Score
7.8
MODERATE
Vector
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.079
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple Vulnerabilities are affected in IBM Security Guardium 10.5 | Windows |
| Multiple Vulnerabilities are affected in IBM Security Guardium 10.6 | Windows |
| Multiple Vulnerabilities are affected in IBM Security Guardium 11.0 | Windows |
| Linux kernel (USN-3776-1) linux-image-aws_4.4.0.1069.71_amd64.deb | Linux |
| Linux kernel (USN-3776-1) linux-image-kvm_4.4.0.1035.34_amd64.deb | Linux |
| Linux kernel (USN-3776-1) linux-image-generic_4.4.0.137.143_i386.deb | Linux |
| Linux kernel (USN-3776-1) linux-image-generic_4.4.0.137.143_amd64.deb | Linux |
| Linux kernel (USN-3776-1) linux-image-lowlatency_4.4.0.137.143_i386.deb | Linux |
| Linux kernel (USN-3776-1) linux-image-lowlatency_4.4.0.137.143_amd64.deb | Linux |
| Linux kernel (USN-3776-1) linux-image-4.4.0-1035-kvm_4.4.0-1035.41_amd64.deb | Linux |
| Linux kernel (USN-3776-1) linux-image-4.4.0-1069-aws_4.4.0-1069.79_amd64.deb | Linux |
| Linux kernel (USN-3776-1) linux-image-4.4.0-137-generic_4.4.0-137.163_i386.deb | Linux |
| Linux kernel (USN-3776-1) linux-image-4.4.0-137-generic_4.4.0-137.163_amd64.deb | Linux |
| Linux kernel (USN-3776-1) linux-image-4.4.0-137-lowlatency_4.4.0-137.163_i386.deb | Linux |
| Linux kernel (USN-3776-1) linux-image-4.4.0-137-lowlatency_4.4.0-137.163_amd64.deb | Linux |
| Linux kernel for Amazon Web Services (AWS) systems (USN-3776-2) linux-image-aws_4.4.0.1031.31_amd64.deb | Linux |
| Linux kernel for Amazon Web Services (AWS) systems (USN-3776-2) linux-image-4.4.0-1031-aws_4.4.0-1031.34_amd64.deb | Linux |
| Linux kernel for Amazon Web Services (AWS) systems (USN-3776-2) linux-image-4.4.0-137-generic_4.4.0-137.163~14.04.1_i386.deb | Linux |
| Linux kernel for Amazon Web Services (AWS) systems (USN-3776-2) linux-image-4.4.0-137-generic_4.4.0-137.163~14.04.1_amd64.deb | Linux |
| Linux kernel for Amazon Web Services (AWS) systems (USN-3776-2) linux-image-4.4.0-137-lowlatency_4.4.0-137.163~14.04.1_i386.deb | Linux |
| Linux kernel for Amazon Web Services (AWS) systems (USN-3776-2) linux-image-4.4.0-137-lowlatency_4.4.0-137.163~14.04.1_amd64.deb | Linux |
| Linux kernel for Microsoft Azure Cloud systems (USN-3820-3) linux-image-azure_4.15.0.1036.23_amd64.deb | Linux |
| Linux kernel (USN-3847-1) linux-image-generic_4.15.0.43.45_i386.deb | Linux |
| Linux kernel (USN-3847-1) linux-image-generic_4.15.0.43.45_amd64.deb | Linux |
| Linux kernel (USN-3847-1) linux-image-4.15.0-1026-gcp_4.15.0-1026.27_amd64.deb | Linux |
| Linux kernel (USN-3847-1) linux-image-4.15.0-1028-kvm_4.15.0-1028.28_amd64.deb | Linux |
| Linux kernel (USN-3847-1) linux-image-4.15.0-1030-oem_4.15.0-1030.35_amd64.deb | Linux |
| Linux kernel (USN-3847-1) linux-image-4.15.0-1031-aws_4.15.0-1031.33_amd64.deb | Linux |
| Linux kernel (USN-3847-1) linux-image-4.15.0-1036-azure_4.15.0-1036.38_amd64.deb | Linux |
| Linux kernel (USN-3847-1) linux-image-4.15.0-43-generic_4.15.0-43.46_i386.deb | Linux |
| Linux kernel (USN-3847-1) linux-image-4.15.0-43-generic_4.15.0-43.46_amd64.deb | Linux |
| Linux kernel (USN-3847-1) linux-image-4.15.0-43-lowlatency_4.15.0-43.46_i386.deb | Linux |
| Linux kernel (USN-3847-1) linux-image-4.15.0-43-lowlatency_4.15.0-43.46_amd64.deb | Linux |
| Linux kernel for Amazon Web Services (AWS-HWE) systems (USN-3847-2) linux-image-aws-hwe_4.15.0.1031.32_amd64.deb | Linux |
| Linux kernel for Amazon Web Services (AWS-HWE) systems (USN-3847-2) linux-image-4.15.0-1026-gcp_4.15.0-1026.27~16.04.1_amd64.deb | Linux |
| Linux kernel for Amazon Web Services (AWS-HWE) systems (USN-3847-2) linux-image-4.15.0-1031-aws_4.15.0-1031.33~16.04.1_amd64.deb | Linux |
| Linux kernel for Amazon Web Services (AWS-HWE) systems (USN-3847-2) linux-image-4.15.0-1036-azure_4.15.0-1036.38~16.04.1_amd64.deb | Linux |
| Linux kernel for Amazon Web Services (AWS-HWE) systems (USN-3847-2) linux-image-4.15.0-43-generic_4.15.0-43.46~16.04.1_i386.deb | Linux |
| Linux kernel for Amazon Web Services (AWS-HWE) systems (USN-3847-2) linux-image-4.15.0-43-generic_4.15.0-43.46~16.04.1_amd64.deb | Linux |
| Linux kernel for Amazon Web Services (AWS-HWE) systems (USN-3847-2) linux-image-generic-hwe-16.04_4.15.0.43.64_i386.deb | Linux |
| Linux kernel for Amazon Web Services (AWS-HWE) systems (USN-3847-2) linux-image-generic-hwe-16.04_4.15.0.43.64_amd64.deb | Linux |
| Linux kernel for Amazon Web Services (AWS-HWE) systems (USN-3847-2) linux-image-4.15.0-43-lowlatency_4.15.0-43.46~16.04.1_i386.deb | Linux |
| Linux kernel for Amazon Web Services (AWS-HWE) systems (USN-3847-2) linux-image-4.15.0-43-lowlatency_4.15.0-43.46~16.04.1_amd64.deb | Linux |
| Linux kernel for Amazon Web Services (AWS-HWE) systems (USN-3847-2) linux-image-lowlatency-hwe-16.04_4.15.0.43.64_i386.deb | Linux |
| Linux kernel for Amazon Web Services (AWS-HWE) systems (USN-3847-2) linux-image-lowlatency-hwe-16.04_4.15.0.43.64_amd64.deb | Linux |
| Linux kernel for Microsoft Azure Cloud systems (USN-3847-3) linux-image-azure_4.15.0.1036.23_amd64.deb | Linux |
| Linux kernel for Microsoft Azure Cloud systems (USN-3847-3) linux-image-4.15.0-1036-azure_4.15.0-1036.38~14.04.2_amd64.deb | Linux |
| Linux kernel (USN-3849-1) linux-image-generic_3.13.0.164.174_i386.deb | Linux |
| Linux kernel (USN-3849-1) linux-image-generic_3.13.0.164.174_amd64.deb | Linux |
| Linux kernel (USN-3849-1) linux-image-3.13.0-164-generic_3.13.0-164.214_i386.deb | Linux |
| Linux kernel (USN-3849-1) linux-image-3.13.0-164-generic_3.13.0-164.214_amd64.deb | Linux |
| Linux kernel (USN-3849-1) linux-image-3.13.0-164-lowlatency_3.13.0-164.214_i386.deb | Linux |
| Linux kernel (USN-3849-1) linux-image-3.13.0-164-lowlatency_3.13.0-164.214_amd64.deb | Linux |
| SUSE-SU-2018:2907-1(SUSE Linux Enterprise Server 11-EXTRA ) kernel-bigsmp-extra-3.0.101-0.47.106.50.1.x86_64.rpm | Linux |
| Dtrace-modules-3.8.13-118.28.1.el6uek update (ELSA-2018-4300) dtrace-modules-3.8.13-118.28.1.el6uek-0.4.5-3.el6.x86_64.rpm | Linux |
| Dtrace-modules-3.8.13-118.28.1.el7uek update (ELSA-2018-4300) dtrace-modules-3.8.13-118.28.1.el7uek-0.4.5-3.el7.x86_64.rpm | Linux |
| CVE-2018-10902 | NCM |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234