7 matches found
openSUSE Security Update : kernel (openSUSE-SU-2011:0004-1)
The openSUSE 11.3 kernel was updated to fix various bugs and security issues. Following security issues have been fixed: CVE-2010-4347: A local user could inject ACPI code into the kernel via the world-writable 'customdebug' file, allowing local privilege escalation. CVE-2010-4258: A local attack...
RHEL 5 : kernel (RHSA-2011:0004)
Updated kernel packages that fix multiple security issues, several bugs, and add an enhancement are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base scores, whi...
kernel: prevent heap corruption in snd_ctl_new()
Multiple integer overflows in the sndctlnew function in sound/core/control.c in the Linux kernel before 2.6.36-rc5-next-20100929 allow local users to cause a denial of service heap memory corruption or possibly have unspecified other impact via a crafted 1 SNDRVCTLIOCTLELEMADD or 2...
kernel: prevent heap corruption in snd_ctl_new()
Multiple integer overflows in the sndctlnew function in sound/core/control.c in the Linux kernel before 2.6.36-rc5-next-20100929 allow local users to cause a denial of service heap memory corruption or possibly have unspecified other impact via a crafted 1 SNDRVCTLIOCTLELEMADD or 2...
CVE-2010-3442
Multiple integer overflows in the sndctlnew function in sound/core/control.c in the Linux kernel before 2.6.36-rc5-next-20100929 allow local users to cause a denial of service heap memory corruption or possibly have unspecified other impact via a crafted 1 SNDRVCTLIOCTLELEMADD or 2...
CVE-2010-3442
Multiple integer overflows in the sndctlnew function in sound/core/control.c in the Linux kernel before 2.6.36-rc5-next-20100929 allow local users to cause a denial of service heap memory corruption or possibly have unspecified other impact via a crafted 1 SNDRVCTLIOCTLELEMADD or 2...
Linux kernel 2.6.x snd_ctl_new()函数整数溢出漏洞
Linux Kernel是Linux操作系统所使用的内核。 Linux Kernel的sound/core/control.c文件中的sndctlnew函数未经执行边界检查便通过对用户所提供的大小执行算术操作来为sndkcontrol结构分配空间。如果用户提供了足够大的大小,就会出现溢出,导致分配过小的块,之后用户提供的值就会越界。 拥有通过SNDRVCTLIOCTLELEMADD和SNDRVCTLIOCTLELEMREPLACE ioctl打开/dev/snd/controlC设备(通常为audio组)的非特权用户可到达有漏洞的代码。成功利用这个漏洞的攻击者可以导致拒绝服务或获得权限提...