Published: 10 November 2008

The chip_command function in drivers/media/video/tvaudio.c in the Linux kernel 2.6.25.x before, 2.6.26.x before, and 2.6.27.x before allows attackers to cause a denial of service (NULL function pointer dereference and OOPS) via unknown vectors.

From the Ubuntu security team

It was discovered that the driver for simple i2c audio interfaces did not correctly validate certain function pointers. A local user could exploit this to gain root privileges or crash the system, leading to a denial of service.