CVE-2017-9985
The snd_msndmidi_input_read function in sound/isa/msnd/msnd_midi.c in the Linux kernel through 4.11.7 allows local users to cause a denial of service (over-boundary access) or possibly have unspecified other impact by changing the value of a message queue head pointer between two kernel reads of that value, aka a "double fetch" vulnerability.
| Software | From | Fixed in |
|---|---|---|
| linux / linux_kernel | 3.19 | 4.1.45 |
| linux / linux_kernel | 4.2 | 4.4.88 |
| linux / linux_kernel | 4.5 | 4.9.50 |
| linux / linux_kernel | 4.10 | 4.12.13 |
| linux / linux_kernel | - | 3.18.71 |
| canonical / ubuntu_linux | 14.04 | 14.04.x |
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=20e2b791796bd68816fa115f12be5320de2b8021
- http://www.securityfocus.com/bid/99335
- https://bugzilla.kernel.org/show_bug.cgi?id=196133
- https://github.com/torvalds/linux/commit/20e2b791796bd68816fa115f12be5320de2b8021
- https://usn.ubuntu.com/3754-1/
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime