PublicDate: 2008-08-08 18:41:00 UTC
Candidate: CVE-2008-3272
References: 
 https://ubuntu.com/security/notices/USN-637-1
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3272
Description:
 The snd_seq_oss_synth_make_info function in
 sound/core/seq/oss/seq_oss_synth.c in the sound subsystem in the Linux
 kernel before 2.6.27-rc2 does not verify that the device number is within
 the range defined by max_synthdev before returning certain data to the
 caller, which allows local users to obtain sensitive information.
Ubuntu-Description: 
 Tobias Klein discovered that the OSS interface through ALSA did not
 correctly validate the device number.  A local attacker could exploit
 this to access sensitive kernel memory, leading to a denial of service
 or a loss of privacy.
Notes: 
Bugs: 
Priority: low
Discovered-by:
Assigned-to: kees
CVSS: 

Patches_linux-source-2.6.15:
upstream_linux-source-2.6.15: released (2.6.27~rc2)
dapper_linux-source-2.6.15: released (2.6.15-52.71)
feisty_linux-source-2.6.15: DNE
gutsy_linux-source-2.6.15: DNE
hardy_linux-source-2.6.15: DNE
devel_linux-source-2.6.15: DNE

Patches_linux-source-2.6.20:
upstream_linux-source-2.6.20: released (2.6.27~rc2)
dapper_linux-source-2.6.20: DNE
feisty_linux-source-2.6.20: released (2.6.20-17.39)
gutsy_linux-source-2.6.20: DNE
hardy_linux-source-2.6.20: DNE
devel_linux-source-2.6.20: DNE

Patches_linux-source-2.6.22:
upstream_linux-source-2.6.22: released (2.6.27~rc2)
dapper_linux-source-2.6.22: DNE
feisty_linux-source-2.6.22: DNE
gutsy_linux-source-2.6.22: released (2.6.22-15.58)
hardy_linux-source-2.6.22: DNE
devel_linux-source-2.6.22: DNE

Patches_linux:
 upstream: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=82e68f7ffec3800425f2391c8c86277606860442
upstream_linux: released (2.6.27~rc2)
dapper_linux: DNE
feisty_linux: DNE
gutsy_linux: DNE
hardy_linux: released (2.6.24-19.41)
devel_linux: released (2.6.27-2.3)