CVE-2010-4527
6.2 Medium
AI Score
Confidence
High
6.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
5.3%
The load_mixer_volumes function in sound/oss/soundcard.c in the OSS sound subsystem in the Linux kernel before 2.6.37 incorrectly expects that a certain name field ends with a ‘\0’ character, which allows local users to conduct buffer overflow attacks and gain privileges, or possibly obtain sensitive information from kernel memory, via a SOUND_MIXER_SETLEVELS ioctl call.
| CPE | Name | Operator | Version |
|---|---|---|---|
| linux:linux_kernel | linux linux kernel | lt | 2.6.37 |
References
git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d81a12bc29ae4038770e05dce4ab7f26fd5880fb
lists.opensuse.org/opensuse-security-announce/2011-02/msg00002.html
openwall.com/lists/oss-security/2010/12/31/1
openwall.com/lists/oss-security/2010/12/31/4
secunia.com/advisories/42765
secunia.com/advisories/43291
www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37
www.securityfocus.com/bid/45629
www.vupen.com/english/advisories/2011/0375
xorl.wordpress.com/2011/01/09/cve-2010-4527-linux-kernel-oss-sound-card-driver-buffer-overflow/
bugzilla.redhat.com/show_bug.cgi?id=667615
Social References
More
Related
6.2 Medium
AI Score
Confidence
High
6.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
5.3%