CVE-2010-4527 (retired)

Priority
Description
The load_mixer_volumes function in sound/oss/soundcard.c in the OSS sound
subsystem in the Linux kernel before 2.6.37 incorrectly expects that a
certain name field ends with a '\0' character, which allows local users to
conduct buffer overflow attacks and gain privileges, or possibly obtain
sensitive information from kernel memory, via a SOUND_MIXER_SETLEVELS ioctl
call.
Ubuntu-Description
Dan Rosenberg discovered that the OSS subsystem did not handle name
termination correctly. A local attacker could exploit this crash the system
or gain root privileges.
Notes
 jdstrand> in sound system. Dapper desktop is EOL so ignoring
Package
Upstream:released (2.6.37)
Package
Upstream:released (2.6.37)
Package
Upstream:released (2.6.37)
Package
Upstream:released (2.6.37)
Package
Upstream:released (2.6.37)
Package
Upstream:released (2.6.37)
Package
Upstream:released (2.6.37)
More Information

Updated: 2019-03-26 11:54:18 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)