Lucene search

K
ubuntucveUbuntu.comUB:CVE-2010-4527
HistoryJan 13, 2011 - 12:00 a.m.

CVE-2010-4527

2011-01-1300:00:00
ubuntu.com
ubuntu.com
9

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.3%

The load_mixer_volumes function in sound/oss/soundcard.c in the OSS sound
subsystem in the Linux kernel before 2.6.37 incorrectly expects that a
certain name field ends with a ‘\0’ character, which allows local users to
conduct buffer overflow attacks and gain privileges, or possibly obtain
sensitive information from kernel memory, via a SOUND_MIXER_SETLEVELS ioctl
call.

Bugs

Notes

Author Note
jdstrand in sound system. Dapper desktop is EOL so ignoring

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.3%

Related for UB:CVE-2010-4527