1. 9
    CVE-2016-2384: arbitrary code execution due to a double-free in the usb-midi linux kernel driver linux security xairy.github.io
    lattera avatar via lattera 2 years ago | cached | 3 comments

  1.  

  2. 6
    jcs avatar jcs 2 years ago | link

    MIDI is having a bad month.

    1. 1
      napkindrawing avatar napkindrawing 2 years ago | link

      Another writeup of the vulnerability

      Overview:

      This post describes an exploitable vulnerability (CVE-2016-2384) in the usb-midi Linux kernel driver. The vulnerability is present only if the usb-midi module is enabled, but as far as I can see many modern distributions do this. The bug has been fixed upstream.

      1. 1
        rodolfo avatar rodolfo 2 years ago | link

        Could be worse, still needs physical access with USB :-P