{
  "threat_severity" : "Important",
  "public_date" : "2018-08-21T03:28:00Z",
  "bugzilla" : {
    "description" : "kernel: MIDI driver race condition leads to a double-free",
    "id" : "1590720",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1590720"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.8",
    "cvss3_scoring_vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-416",
  "details" : [ "It was found that the raw MIDI kernel driver does not protect against concurrent access, which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status(), both of which are part of the snd_rawmidi_ioctl() handler in the rawmidi.c file. A malicious local attacker could possibly use this for privilege escalation.", "It was found that the raw MIDI kernel driver does not protect against concurrent access, which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status(), both of which are part of the snd_rawmidi_ioctl() handler in the rawmidi.c file. A malicious local attacker could possibly use this for privilege escalation." ],
  "statement" : "This flaw affects all current shipping releases of Red Hat Enterprise Linux. The flaw can only be triggered when real or emulated MIDI hardware is available in the system. Fixes will be delivered when available.",
  "acknowledgement" : "Red Hat would like to thank Trend Micro Zero Day Initiative for reporting this issue.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2019-02-26T00:00:00Z",
    "advisory" : "RHSA-2019:0415",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "kernel-0:2.6.32-754.11.1.el6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2018-10-30T00:00:00Z",
    "advisory" : "RHSA-2018:3096",
    "cpe" : "cpe:/a:redhat:rhel_extras_rt:7",
    "package" : "kernel-rt-0:3.10.0-957.rt56.910.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2018-10-30T00:00:00Z",
    "advisory" : "RHSA-2018:3083",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "kernel-0:3.10.0-957.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2019-10-29T00:00:00Z",
    "advisory" : "RHSA-2019:3217",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "kernel-alt-0:4.14.0-115.14.1.el7a"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.5 Extended Update Support",
    "release_date" : "2019-11-26T00:00:00Z",
    "advisory" : "RHSA-2019:3967",
    "cpe" : "cpe:/o:redhat:rhel_eus:7.5",
    "package" : "kernel-0:3.10.0-862.44.2.el7"
  }, {
    "product_name" : "Red Hat Enterprise MRG 2",
    "release_date" : "2019-03-26T00:00:00Z",
    "advisory" : "RHSA-2019:0641",
    "cpe" : "cpe:/a:redhat:enterprise_mrg:2:server:el6",
    "package" : "kernel-rt-1:3.10.0-693.46.1.rt56.639.el6rt"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Will not fix",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2018-10902\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-10902" ],
  "name" : "CVE-2018-10902",
  "csaw" : false
}