{
  "threat_severity" : "Moderate",
  "public_date" : "2018-02-14T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: race condition in snd_seq_write() may lead to UAF or OOB-access",
    "id" : "1550142",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1550142"
  },
  "cvss3" : {
    "cvss3_base_score" : "6.1",
    "cvss3_scoring_vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-362",
  "details" : [ "The Linux kernel 4.15 has a Buffer Overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user.", "The ALSA sequencer core initializes the event pool on demand by invoking snd_seq_pool_init() when the first write happens and the pool is empty. A user can concurrently reset the pool size manually via ioctl, and this race may lead to a use-after-free (UAF) or out-of-bounds access." ],
  "statement" : "This issue does not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5.\nThis issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 6, 7, its real-time kernel, Red Hat Enterprise MRG 2, Red Hat Enterprise Linux 7 for ARM 64 and Red Hat Enterprise Linux 7 for Power 9 LE. Future Linux kernel updates for the respective releases may address this issue.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2018-08-14T00:00:00Z",
    "advisory" : "RHSA-2018:2390",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "kernel-0:2.6.32-754.3.5.el6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2018-08-14T00:00:00Z",
    "advisory" : "RHSA-2018:2395",
    "cpe" : "cpe:/a:redhat:rhel_extras_rt:7",
    "package" : "kernel-rt-0:3.10.0-862.11.6.rt56.819.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2018-08-14T00:00:00Z",
    "advisory" : "RHSA-2018:2384",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "kernel-0:3.10.0-862.11.6.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2018-10-30T00:00:00Z",
    "advisory" : "RHSA-2018:2948",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "kernel-alt-0:4.14.0-115.el7a"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.4 Extended Update Support",
    "release_date" : "2019-06-17T00:00:00Z",
    "advisory" : "RHSA-2019:1483",
    "cpe" : "cpe:/o:redhat:rhel_eus:7.4",
    "package" : "kernel-0:3.10.0-693.50.3.el7"
  }, {
    "product_name" : "Red Hat Enterprise MRG 2",
    "release_date" : "2019-06-17T00:00:00Z",
    "advisory" : "RHSA-2019:1487",
    "cpe" : "cpe:/a:redhat:enterprise_mrg:2:server:el6",
    "package" : "kernel-rt-1:3.10.0-693.50.3.rt56.644.el6rt"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2018-7566\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-7566" ],
  "name" : "CVE-2018-7566",
  "csaw" : false
}