From: Steve Beattie
Date: 2018年10月23日 週二 上午11:50
...
Luo Quan and Wei Yang discovered that a race condition existed in the
Advanced Linux Sound Architecture (ALSA) subsystem of the Linux kernel when
handling ioctl()s. A local attacker could use this to cause a denial of
service (system deadlock). (CVE-2018-1000004)
范龙飞 discovered that a race condition existed in the Advanced Linux
Sound Architecture (ALSA) subsystem of the Linux kernel that could lead to
a use- after-free or an out-of-bounds buffer access. A local attacker with
access to /dev/snd/seq could use this to cause a denial of service (system
crash) or possibly execute arbitrary code. (CVE-2018-7566)
It was discovered that a buffer overflow existed in the NFC Logical Link
Control Protocol (llcp) implementation in the Linux kernel. An attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2018-9518)
...
References:
https://usn.ubuntu.com/usn/usn-3798-1
CVE-2015-8539, CVE-2016-7913, CVE-2017-0794, CVE-2017-15299,
CVE-2017-18216, CVE-2018-1000004, CVE-2018-7566, CVE-2018-9518