CVE-2010-4527

Priority
Medium
Description
The load_mixer_volumes function in sound/oss/soundcard.c in the OSS sound
subsystem in the Linux kernel before 2.6.37 incorrectly expects that a
certain name field ends with a '\0' character, which allows local users to
conduct buffer overflow attacks and gain privileges, or possibly obtain
sensitive information from kernel memory, via a SOUND_MIXER_SETLEVELS ioctl
call.
Ubuntu-Description
Dan Rosenberg discovered that the OSS subsystem did not handle name
termination correctly. A local attacker could exploit this crash the system
or gain root privileges.
References
Bugs
Notes
 jdstrand> in sound system. Dapper desktop is EOL so ignoring
Package
Upstream:released (2.6.37)
Package
Upstream:released (2.6.37)
Package
Upstream:released (2.6.37)
Package
Upstream:released (2.6.37)
Package
Upstream:released (2.6.37)
Package
Source: linux (LP Ubuntu Debian)
Upstream:released (2.6.37)
Patches:
Upstream:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=d81a12bc29ae4038770e05dce4ab7f26fd5880fb
Package
Upstream:released (2.6.37)
Package
Upstream:released (2.6.37)
More Information

Updated: 2018-06-26 04:38:50 UTC (commit 7799c934cca373482531a7b00e4dfe82302ceae5)