The Linux kernel team has released a patch to fix a security bug that could allow an attacker to execute code with elevated privileges.
The issue — tracked as CVE-2017-15265 — is a use-after-free memory corruption issue that affects ALSA (Advanced Linux Sound Architecture), a software framework included in the Linux kernel that provides an API for sound card drivers.
In layman’s terms, the bug takes place because the kernel ALSA code allowed an attacker to call a function, delete its output, but still use the output in another function. This is known as a user-after-free vulnerability, a known attack vector, and a common memory management issue.
ALSA developers provide an in-depth explanation for the bug and patch in the ALSA mailing list. Venustech ADLab (Active-Defense Lab) researchers discovered the bug.
There are good news and bad news. The good news is that the attacker needs a foothold on a vulnerable machine.
This requires infecting the user through malware or other tactics. The bad news is that the attacker can use the ALSA kernel flaw to elevate access from a limited user account to root privileges.
The Linux kernel team has fixed the issue in v4.13.4-2, and the patch is currently trickling down to the multitude of Linux distros, such as Red Hat, Debian, Ubuntu, Suse, and others.
Submitted by: Arnfried Walbrecht