CVE-2010-4527

Priority
Description
The load_mixer_volumes function in sound/oss/soundcard.c in the OSS sound
subsystem in the Linux kernel before 2.6.37 incorrectly expects that a
certain name field ends with a '\0' character, which allows local users to
conduct buffer overflow attacks and gain privileges, or possibly obtain
sensitive information from kernel memory, via a SOUND_MIXER_SETLEVELS ioctl
call.
Ubuntu-Description
Dan Rosenberg discovered that the OSS subsystem did not handle name
termination correctly. A local attacker could exploit this crash the system
or gain root privileges.
Notes
jdstrandin sound system. Dapper desktop is EOL so ignoring
Package
Upstream:released (2.6.37)
Package
Upstream:released (2.6.37)
Package
Upstream:released (2.6.37)
Package
Upstream:released (2.6.37)
Package
Upstream:released (2.6.37)
Package
Upstream:released (2.6.37)
Package
Upstream:released (2.6.37)
More Information

Updated: 2019-12-05 20:56:04 UTC (commit 0aa5e7c87c8b55d2ec5c7f4ca1179cf75de91961)