CVE-2010-3080

Priority
Medium
Description
Double free vulnerability in the snd_seq_oss_open function in
sound/core/seq/oss/seq_oss_init.c in the Linux kernel before 2.6.36-rc4
might allow local users to cause a denial of service or possibly have
unspecified other impact via an unsuccessful attempt to open the
/dev/sequencer device.
Ubuntu-Description
Tavis Ormandy discovered that the OSS sequencer device did not correctly
shut down. A local attacker could exploit this to crash the system or
possibly gain root privileges.
References
Assigned-to
sconklin
Package
Upstream:needs-triage
Ubuntu 8.04 LTS (Hardy Heron):DNE
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 11.04 (Natty Narwhal):DNE
Patches:
Dapper:http://chinstrap.ubuntu.com/~sconklin/CVEs/CVE-2010-3080/patches/dapper/linux/0001-ALSA-seq-oss-Fix-double-free-at-error-path-of-snd_seq_.txt
Package
Upstream:needs-triage
Ubuntu 8.04 LTS (Hardy Heron):DNE
Ubuntu 10.04 LTS (Lucid Lynx):released (2.6.32-309.18)
Ubuntu 11.04 (Natty Narwhal):DNE
Package
Upstream:needs-triage
Ubuntu 8.04 LTS (Hardy Heron):DNE
Ubuntu 10.04 LTS (Lucid Lynx):released (2.6.32-216.33)
Ubuntu 11.04 (Natty Narwhal):DNE
Package
Upstream:needs-triage
Ubuntu 8.04 LTS (Hardy Heron):DNE
Ubuntu 10.04 LTS (Lucid Lynx):released (2.6.35-25.44~lucid1)
Ubuntu 11.04 (Natty Narwhal):DNE
Package
Source: linux (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 8.04 LTS (Hardy Heron):released (2.6.24-28.80)
Ubuntu 10.04 LTS (Lucid Lynx):released (2.6.32-25.45)
Ubuntu 11.04 (Natty Narwhal):not-affected
Patches:
Upstream:http://git.kernel.org/?p=linux/kernel/git/tiwai/sound-2.6.git;a=commitdiff;h=c598337660c21c0afaa9df5a65bb4a7a0cf15be8
Hardy:http://chinstrap.ubuntu.com/~sconklin/CVEs/CVE-2010-3080/patches/hardy/linux/0001-ALSA-seq-oss-Fix-double-free-at-error-path-of-snd_seq_.txt
Jaunty:http://chinstrap.ubuntu.com/~sconklin/CVEs/CVE-2010-3080/patches/jaunty/linux/0001-ALSA-seq-oss-Fix-double-free-at-error-path-of-snd_seq_.txt
Karmic:http://chinstrap.ubuntu.com/~sconklin/CVEs/CVE-2010-3080/patches/karmic/linux/0001-ALSA-seq-oss-Fix-double-free-at-error-path-of-snd_seq_.txt
Lucid:http://chinstrap.ubuntu.com/~sconklin/CVEs/CVE-2010-3080/patches/lucid/linux/0001-ALSA-seq-oss-Fix-double-free-at-error-path-of-snd_seq_.txt
Package
Upstream:needs-triage
Ubuntu 8.04 LTS (Hardy Heron):DNE
Ubuntu 10.04 LTS (Lucid Lynx):released (2.6.31-608.22)
Ubuntu 11.04 (Natty Narwhal):DNE
Package
Upstream:needs-triage
Ubuntu 8.04 LTS (Hardy Heron):DNE
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 11.04 (Natty Narwhal):not-affected
More Information

Valid XHTML 1.0 Strict

Updated: 2012-06-01 15:21:17 UTC (commit 5347)