The chip_command function in drivers/media/video/tvaudio.c in the Linux
kernel 2.6.25.x before 18.104.22.168, 2.6.26.x before 22.214.171.124, and 2.6.27.x
before 126.96.36.199 allows attackers to cause a denial of service (NULL
function pointer dereference and OOPS) via unknown vectors.
It was discovered that the driver for simple i2c audio interfaces did
not correctly validate certain function pointers. A local user could
exploit this to gain root privileges or crash the system, leading to
a denial of service.
Updated: 2016-03-23 03:32:34 UTC (commit 10817)