Re: Linux kernel: alsa: use-after-free in /dev/snd/seq CVE-2017-15265

[Marcus Meissner <meissner () suse de>]

On Wed, Oct 11, 2017 at 03:03:53PM +0200, Marcus Meissner wrote:
> Hi folks,
>
> This kernel issue is being published without embargoe.
> (came via security () kernel org to Takashi@SUSE);
>
> Reported by Michael23 Yu.
>
> https://bugzilla.suse.com/show_bug.cgi?id=1062520
>
> Proposed Patch:
> http://mailman.alsa-project.org/pipermail/alsa-devel/2017-October/126292.html
>
> A use-after-free window in /dev/snd/seq, Mitre has assigned CVE-2017-15265 to it.

The reporter asked to add that this bug was found by ADLab of venustech.
(I was not able to associate him directly before, sorry.)

Ciao, Marcus