Takashi Iwai

14 exploits Active since Dec 2016
CVE-2017-1000380 WRITEUP MEDIUM WRITEUP
Linux kernel <4.11.5 - Info Disclosure
sound/core/timer.c in the Linux kernel before 4.11.5 is vulnerable to a data race in the ALSA /dev/snd/timer driver resulting in local users being able to read information belonging to other users, i.e., uninitialized memory contents may be disclosed when a read and an ioctl happen at the same time.
CVSS 5.5
CVE-2023-0266 WRITEUP HIGH WRITEUP
Linux Kernel >=4.14 <4.14.303 - Use-After-Free in ALSA PCM via Missing Locks
A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 is missing locks that can be used in a use-after-free that can result in a priviledge escalation to gain ring0 access from the system user. We recommend upgrading past commit 56b88b50565cd8b946a2d00b0c83927b7ebb055e
CVSS 7.9
CVE-2023-0266 WRITEUP HIGH WRITEUP
Linux Kernel >=4.14 <4.14.303 - Use-After-Free in ALSA PCM via Missing Locks
A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 is missing locks that can be used in a use-after-free that can result in a priviledge escalation to gain ring0 access from the system user. We recommend upgrading past commit 56b88b50565cd8b946a2d00b0c83927b7ebb055e
CVSS 7.9
CVE-2016-9794 WRITEUP HIGH WRITEUP
Linux Kernel < 3.2.85 - Use-After-Free via ALSA SNDRV_PCM_TRIGGER_START Command
Race condition in the snd_pcm_period_elapsed function in sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel before 4.7 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START command.
CVSS 7.8
CVE-2017-1000380 WRITEUP MEDIUM WRITEUP
Linux kernel <4.11.5 - Info Disclosure
sound/core/timer.c in the Linux kernel before 4.11.5 is vulnerable to a data race in the ALSA /dev/snd/timer driver resulting in local users being able to read information belonging to other users, i.e., uninitialized memory contents may be disclosed when a read and an ioctl happen at the same time.
CVSS 5.5
CVE-2017-15265 WRITEUP HIGH WRITEUP
Linux Kernel < 4.13.8 - Use-After-Free via ALSA Subsystem ioctl Calls
Race condition in the ALSA subsystem in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted /dev/snd/seq ioctl calls, related to sound/core/seq/seq_clientmgr.c and sound/core/seq/seq_ports.c.
CVSS 7.0
CVE-2017-16527 WRITEUP MEDIUM WRITEUP
Linux Kernel < 4.13.8 - Use-After-Free in USB Mixer Interrupt Handler
sound/usb/mixer.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (snd_usb_mixer_interrupt use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device.
CVSS 6.6
CVE-2017-16528 WRITEUP MEDIUM WRITEUP
Linux kernel <4.13.4 - Use After Free
sound/core/seq_device.c in the Linux kernel before 4.13.4 allows local users to cause a denial of service (snd_rawmidi_dev_seq_free use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device.
CVSS 6.6
CVE-2017-16529 WRITEUP MEDIUM WRITEUP
Linux Kernel < 4.13.6 - Out-of-bounds Read via Crafted USB Device
The snd_usb_create_streams function in sound/usb/card.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.
CVSS 6.6
CVE-2017-9984 WRITEUP HIGH WRITEUP
Linux Kernel < 3.18.71 - Out-of-bounds Read in snd_msnd_interrupt
The snd_msnd_interrupt function in sound/isa/msnd/msnd_pinnacle.c in the Linux kernel through 4.11.7 allows local users to cause a denial of service (over-boundary access) or possibly have unspecified other impact by changing the value of a message queue head pointer between two kernel reads of that value, aka a "double fetch" vulnerability.
CVSS 7.8
CVE-2017-9985 WRITEUP HIGH WRITEUP
Linux Kernel < 3.18.71 - Out-of-bounds Read in snd_msndmidi_input_read
The snd_msndmidi_input_read function in sound/isa/msnd/msnd_midi.c in the Linux kernel through 4.11.7 allows local users to cause a denial of service (over-boundary access) or possibly have unspecified other impact by changing the value of a message queue head pointer between two kernel reads of that value, aka a "double fetch" vulnerability.
CVSS 7.8
CVE-2018-19824 WRITEUP HIGH WRITEUP
Linux kernel <4.19.6 - Use After Free
In the Linux kernel through 4.19.6, a local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c.
CVSS 7.8
CVE-2019-19807 WRITEUP HIGH WRITEUP
Linux Kernel 4.9.199-4.9.200 - Use-After-Free in Sound Timer Component
In the Linux kernel before 5.3.11, sound/core/timer.c has a use-after-free caused by erroneous code refactoring, aka CID-e7af6307a8a5. This is related to snd_timer_open and snd_timer_close_locked. The timeri variable was originally intended to be for a newly created timer instance, but was used for a different purpose after refactoring.
CVSS 7.8
CVE-2023-3159 WRITEUP MEDIUM WRITEUP
Linux Kernel < 5.18 - Use-After-Free in Firewire Driver
A use after free issue was discovered in driver/firewire in outbound_phy_packet_callback in the Linux Kernel. In this flaw a local attacker with special privilege may cause a use after free problem when queue_event() fails.
CVSS 6.7