8 Sep
2017
8 Sep
'17
6:57 p.m.
On Fri, 08 Sep 2017 18:06:25 +0200, grygorii tertychnyi wrote:
Hi Greg,
Could you please apply it for 4.4-stable. This fixes https://nvd.nist.gov/vuln/detail/CVE-2017-9985
This vulnerability is just non-issue. You can't get it working practically; it requires a modified hardware of the decade old ISA sound card, and yet the system has to load / set up the module beforehand. We should withdraw it from CVE, IMO.
thanks,
Takashi
Takashi Iwai (1): ALSA: msnd: Optimize / harden DSP and MIDI loops
sound/isa/msnd/msnd_midi.c | 30 +++++++++++++++--------------- sound/isa/msnd/msnd_pinnacle.c | 23 ++++++++++++----------- 2 files changed, 27 insertions(+), 26 deletions(-)
-- 2.10.3.dirty