CVE-2011-0712

Priority
Description
Multiple buffer overflows in the caiaq Native Instruments USB audio
functionality in the Linux kernel before 2.6.38-rc4-next-20110215 might
allow attackers to cause a denial of service or possibly have unspecified
other impact via a long USB device name, related to (1) the
snd_usb_caiaq_audio_init function in sound/usb/caiaq/audio.c and (2) the
snd_usb_caiaq_midi_init function in sound/usb/caiaq/midi.c.
Ubuntu-Description
Rafael Dominguez Vega discovered that the caiaq Native Instruments USB
driver did not correctly validate string lengths. A local attacker with
physical access could plug in a specially crafted USB device to crash the
system or potentially gain root privileges.
Notes
Package
Upstream:released (2.6.38~rc6)
Package
Upstream:released (2.6.38~rc6)
Package
Upstream:released (2.6.38~rc6)
Package
Upstream:released (2.6.38~rc6)
Package
Upstream:released (2.6.38~rc6)
Package
Upstream:released (2.6.38~rc6)
Package
Upstream:released (2.6.38~rc6)
More Information

Updated: 2020-09-10 01:40:51 UTC (commit 81a23a978c4436cd99e1d040e9e73e9146876281)