{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-12-03T00:00:00", "descriptions": [{"lang": "en", "value": "Race condition in the snd_pcm_period_elapsed function in sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel before 4.7 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START command."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-01-04T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1401494"}, {"name": "openSUSE-SU-2016:3118", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00057.html"}, {"name": "SUSE-SU-2016:3248", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00088.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://patchwork.kernel.org/patch/8752621/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://source.android.com/security/bulletin/2017-05-01"}, {"name": "SUSE-SU-2016:3188", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00072.html"}, {"name": "RHSA-2016:2574", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html"}, {"name": "SUSE-SU-2016:3146", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00062.html"}, {"name": "SUSE-SU-2016:3203", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00075.html"}, {"name": "SUSE-SU-2016:3217", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00081.html"}, {"name": "[oss-security] 20161203 CVE request: -- Linux kernel: ALSA: use-after-free in,kill_fasync", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2016/12/03/2"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/torvalds/linux/commit/3aa02cb664c5fb1042958c8d1aa8c35055a2ebc4"}, {"name": "94654", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/94654"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3aa02cb664c5fb1042958c8d1aa8c35055a2ebc4"}, {"name": "SUSE-SU-2016:3252", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00091.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-9794", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Race condition in the snd_pcm_period_elapsed function in sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel before 4.7 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START command."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1401494", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1401494"}, {"name": "openSUSE-SU-2016:3118", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00057.html"}, {"name": "SUSE-SU-2016:3248", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00088.html"}, {"name": "https://patchwork.kernel.org/patch/8752621/", "refsource": "CONFIRM", "url": "https://patchwork.kernel.org/patch/8752621/"}, {"name": "https://source.android.com/security/bulletin/2017-05-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-05-01"}, {"name": "SUSE-SU-2016:3188", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00072.html"}, {"name": "RHSA-2016:2574", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html"}, {"name": "SUSE-SU-2016:3146", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00062.html"}, {"name": "SUSE-SU-2016:3203", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00075.html"}, {"name": "SUSE-SU-2016:3217", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00081.html"}, {"name": "[oss-security] 20161203 CVE request: -- Linux kernel: ALSA: use-after-free in,kill_fasync", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/12/03/2"}, {"name": "https://github.com/torvalds/linux/commit/3aa02cb664c5fb1042958c8d1aa8c35055a2ebc4", "refsource": "CONFIRM", "url": "https://github.com/torvalds/linux/commit/3aa02cb664c5fb1042958c8d1aa8c35055a2ebc4"}, {"name": "94654", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94654"}, {"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3aa02cb664c5fb1042958c8d1aa8c35055a2ebc4", "refsource": "CONFIRM", "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3aa02cb664c5fb1042958c8d1aa8c35055a2ebc4"}, {"name": "SUSE-SU-2016:3252", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00091.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T02:59:03.501Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1401494"}, {"name": "openSUSE-SU-2016:3118", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00057.html"}, {"name": "SUSE-SU-2016:3248", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00088.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://patchwork.kernel.org/patch/8752621/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://source.android.com/security/bulletin/2017-05-01"}, {"name": "SUSE-SU-2016:3188", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00072.html"}, {"name": "RHSA-2016:2574", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html"}, {"name": "SUSE-SU-2016:3146", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00062.html"}, {"name": "SUSE-SU-2016:3203", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00075.html"}, {"name": "SUSE-SU-2016:3217", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00081.html"}, {"name": "[oss-security] 20161203 CVE request: -- Linux kernel: ALSA: use-after-free in,kill_fasync", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2016/12/03/2"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/torvalds/linux/commit/3aa02cb664c5fb1042958c8d1aa8c35055a2ebc4"}, {"name": "94654", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/94654"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3aa02cb664c5fb1042958c8d1aa8c35055a2ebc4"}, {"name": "SUSE-SU-2016:3252", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00091.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-9794", "datePublished": "2016-12-28T07:42:00", "dateReserved": "2016-12-02T00:00:00", "dateUpdated": "2024-08-06T02:59:03.501Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9A5A178A-A60C-4053-AEE0-5164430206AD", "versionEndExcluding": "3.2.85", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "2B846CBB-1438-4151-B9FC-816C9548110E", "versionEndExcluding": "3.10.105", "versionStartIncluding": "3.3", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "28A5A1D2-18D9-4F68-9773-16A6850309FA", "versionEndExcluding": "3.12.69", "versionStartIncluding": "3.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "1331ABAB-8C2B-4379-BA77-B655A5B9A83F", "versionEndExcluding": "3.16.40", "versionStartIncluding": "3.13", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8104AAC1-9700-4372-8E11-37B09309A76F", "versionEndExcluding": "3.18.52", "versionStartIncluding": "3.17", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "3661C6BA-77CF-460F-A579-DF66100188E9", "versionEndExcluding": "4.4.37", "versionStartIncluding": "3.19", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "DE716976-6714-42AC-989C-CA9FE4B8E219", "versionEndExcluding": "4.7", "versionStartIncluding": "4.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Race condition in the snd_pcm_period_elapsed function in sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel before 4.7 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START command."}, {"lang": "es", "value": "Condici\u00f3n de carrera en la funci\u00f3n snd_pcm_period_elapsed en sound/core/pcm_lib.c en el subsistema de ALSA en el kernel de Linux en versiones anteriores a 4.7 permite a usuarios locales provocar una denegaci\u00f3n de servicio (uso despu\u00e9s de liberaci\u00f3n de memoria) o posiblemente tener otro impacto no especificado a trav\u00e9s de un comando SNDRV_PCM_TRIGGER_START manipulado."}], "id": "CVE-2016-9794", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-12-28T07:59:00.603", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3aa02cb664c5fb1042958c8d1aa8c35055a2ebc4"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00057.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00062.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00072.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00075.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00081.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00088.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00091.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Patch"], "url": "http://www.openwall.com/lists/oss-security/2016/12/03/2"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/94654"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1401494"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://github.com/torvalds/linux/commit/3aa02cb664c5fb1042958c8d1aa8c35055a2ebc4"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking"], "url": "https://patchwork.kernel.org/patch/8752621/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://source.android.com/security/bulletin/2017-05-01"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3aa02cb664c5fb1042958c8d1aa8c35055a2ebc4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00057.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00062.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00072.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00075.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00081.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00088.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00091.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch"], "url": "http://www.openwall.com/lists/oss-security/2016/12/03/2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/94654"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1401494"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://github.com/torvalds/linux/commit/3aa02cb664c5fb1042958c8d1aa8c35055a2ebc4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking"], "url": "https://patchwork.kernel.org/patch/8752621/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://source.android.com/security/bulletin/2017-05-01"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-362"}, {"lang": "en", "value": "CWE-416"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2016:2574", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "kernel-0:3.10.0-514.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2016-11-03T00:00:00Z"}], "bugzilla": {"description": "kernel: ALSA: Use-after-free in kill_fasync", "id": "1401494", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1401494"}, "csaw": false, "cvss": {"cvss_base_score": "6.2", "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C", "status": "verified"}, "cvss3": {"cvss3_base_score": "7.0", "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-416", "details": ["Race condition in the snd_pcm_period_elapsed function in sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel before 4.7 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START command.", "A use-after-free vulnerability was found in ALSA pcm layer, which allows local users to cause a denial of service, memory corruption, or possibly other unspecified impact. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely."], "name": "CVE-2016-9794", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:enterprise_mrg:2", "fix_state": "Not affected", "package_name": "realtime-kernel", "product_name": "Red Hat Enterprise MRG 2"}], "public_date": "2016-04-14T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2016-9794\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9794"], "statement": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nThis issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG-2 as the flaw was already fixed in the products listed.", "threat_severity": "Moderate"}

{}