Your submission was sent successfully! Close

CVE-2008-5033

Published: 10 November 2008

The chip_command function in drivers/media/video/tvaudio.c in the Linux kernel 2.6.25.x before 2.6.25.19, 2.6.26.x before 2.6.26.7, and 2.6.27.x before 2.6.27.3 allows attackers to cause a denial of service (NULL function pointer dereference and OOPS) via unknown vectors.

From the Ubuntu security team

It was discovered that the driver for simple i2c audio interfaces did not correctly validate certain function pointers. A local user could exploit this to gain root privileges or crash the system, leading to a denial of service.

Priority

Low

Status

Package Release Status
linux
Launchpad, Ubuntu, Debian
dapper Does not exist

gutsy Does not exist

hardy
Released (2.6.24-22.45)
intrepid
Released (2.6.27-9.19)
upstream
Released (2.6.28~rc5)
Patches:
upstream: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=5ba2f67afb02c5302b2898949ed6fc3b3d37dcf1
upstream: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=01a1a3cc1e3fbe718bd06a2a5d4d1a2d0fb4d7d9
linux-source-2.6.15
Launchpad, Ubuntu, Debian
dapper
Released (2.6.15-53.74)
gutsy Does not exist

hardy Does not exist

intrepid Does not exist

upstream
Released (2.6.28~rc5)
linux-source-2.6.22
Launchpad, Ubuntu, Debian
dapper Does not exist

gutsy
Released (2.6.22-16.60)
hardy Does not exist

intrepid Does not exist

upstream
Released (2.6.28~rc5)