The chip_command function in drivers/media/video/tvaudio.c in the Linux
kernel 2.6.25.x before 188.8.131.52, 2.6.26.x before 184.108.40.206, and 2.6.27.x
before 220.127.116.11 allows attackers to cause a denial of service (NULL
function pointer dereference and OOPS) via unknown vectors.
It was discovered that the driver for simple i2c audio interfaces did
not correctly validate certain function pointers. A local user could
exploit this to gain root privileges or crash the system, leading to
a denial of service.
Updated: 2015-10-17 03:31:10 UTC (commit 10086)