6 matches found
Code injection
snd_ctl_elem_add in sound/core/control.c in the Linux kernel through 5.6.3 has a count=info->owner line, which later affects a private_size*count multiplication for unspecified "interesting side effects." NOTE: kernel engineers dispute this finding, because it could be relevant only if new callers were...
CVE-2020-11725
CVE-2020-11725 affects the Linux kernel (through 5.6.3) in snd_ctl_elem_add (sound/core/control.c). The root cause is a count=info->owner usage that can feed into a private_size*count multiplication, causing unspecified side effects. Kernel engineers dispute the finding, noting it may only mat...
Oracle Linux 6 : kernel (ELSA-2014-1392)
The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-1392 advisory. - kernel futex: Fix errors in nested key ref-counting Denys Vlasenko 1094458 CVE-2014-0205 Tenable has extracted the preceding description block direct...
CVE-2014-4654
The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not check authorization for SNDRV_CTL_IOCTL_ELEM_REPLACE commands, which allows local users to remove kernel controls and cause a denial of service use-after-free and system...
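Linux kernel 2.6.x snd_ctl_new() function integer overflow vulnerability
Linux Kernel is the kernel used by the Linux operating system. The snd_ctl_new function in the Linux Kernel's sound/core/control.c file allocates space for the snd_kcontrol structure by performing arithmetic on a user-supplied size without any bounds checking. If the user supplies a sufficiently large size, an overflow occurs and an undersized block is allocated, after which the user-supplied values go out of bounds. An unprivileged user who can open the /dev/snd/controlC device (usually a member of the audio group) can reach the vulnerable code through the SNDRV_CTL_IOCTL_ELEM_ADD and SNDRV_CTL_IOCTL_ELEM_REPLACE ioctls. An attacker who successfully exploits this vulnerability can cause a denial of service or gain privilege...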
CVE-2004-0649
CVE-2004-0649 describes a buffer overflow in l2tpd's write_packet function (control.c) that could allow a remote attacker to execute arbitrary code. The vulnerability affects older l2tpd versions, with OpenVAS guidance explicitly noting upgrades to 0.69 or later as the remedy. NVD CVSS suggests a...