Vulnerability Details : CVE-2017-0861
Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allows attackers to gain privileges via unspecified vectors.
Published
2017-11-16 23:29:01
Updated
2020-07-15 03:15:18
Vulnerability category: Memory Corruption
Products affected by CVE-2017-0861
- cpe:2.3:o:google:android:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-0861
0.19%: Probability of exploitation activity in the next 30 days
~ 38%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-0861
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.6 | MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P | 3.9 | 6.4 | NIST | |
7.8 | HIGH | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 | NIST | |
CWE ids for CVE-2017-0861
-
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-0861
-
https://access.redhat.com/errata/RHSA-2018:3096
RHSA-2018:3096 - Security Advisory - Red Hat Customer Portal
-
https://usn.ubuntu.com/3617-2/
USN-3617-2: Linux (HWE) vulnerabilities | Ubuntu security notices
-
http://www.securityfocus.com/bid/102329
Linux Kernel CVE-2017-0861 Local Privilege Escalation Vulnerability
-
https://www.oracle.com/security-alerts/cpujul2020.html
Oracle Critical Patch Update Advisory - July 2020
-
https://access.redhat.com/errata/RHSA-2020:0036
RHSA-2020:0036 - Security Advisory - Red Hat Customer Portal
-
https://access.redhat.com/errata/RHSA-2018:3083
RHSA-2018:3083 - Security Advisory - Red Hat Customer Portal
-
https://usn.ubuntu.com/3583-1/
USN-3583-1: Linux kernel vulnerabilities | Ubuntu security notices
-
https://access.redhat.com/errata/RHSA-2018:2390
RHSA-2018:2390 - Security Advisory - Red Hat Customer Portal
-
https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
Security fixes in StruxureWare Data Center Expert v7.6.0 - User assistance for StruxureWare Data Center Expert 7.x - Help Center: Support for EcoStruxure IT, StruxureWare for Data Centers, and NetBotz
-
https://usn.ubuntu.com/3632-1/
USN-3632-1: Linux kernel (Azure) vulnerabilities | Ubuntu security notices
-
https://security-tracker.debian.org/tracker/CVE-2017-0861
CVE-2017-0861
-
https://usn.ubuntu.com/3617-1/
USN-3617-1: Linux kernel vulnerabilities | Ubuntu security notices
-
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
Oracle Critical Patch Update - April 2019
-
http://lists.alioth.debian.org/pipermail/secure-testing-commits/2017-December/059967.html
-
https://source.android.com/security/bulletin/pixel/2017-11-01
Pixel / Nexus Security Bulletin—November 2017 | Android Open Source Project
Patch; Vendor Advisory
-
https://usn.ubuntu.com/3619-1/
USN-3619-1: Linux kernel vulnerabilities | Ubuntu security notices
-
https://usn.ubuntu.com/3619-2/
USN-3619-2: Linux kernel (Xenial HWE) vulnerabilities | Ubuntu security notices
-
https://usn.ubuntu.com/3617-3/
USN-3617-3: Linux kernel (Raspberry Pi 2) vulnerabilities | Ubuntu security notices
-
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=362bca57f5d78220f8b5907b875961af9436e229
kernel/git/torvalds/linux.git - Linux kernel source tree
-
https://www.debian.org/security/2018/dsa-4187
Debian -- Security Information -- DSA-4187-1 linux
-
https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html
[SECURITY] [DLA 1369-1] linux security update
-
https://usn.ubuntu.com/3583-2/
USN-3583-2: Linux kernel (Trusty HWE) vulnerabilities | Ubuntu security notices