CVE-2010-4527

Published: 13 January 2011

The load_mixer_volumes function in sound/oss/soundcard.c in the OSS sound subsystem in the Linux kernel before 2.6.37 incorrectly expects that a certain name field ends with a '\0' character, which allows local users to conduct buffer overflow attacks and gain privileges, or possibly obtain sensitive information from kernel memory, via a SOUND_MIXER_SETLEVELS ioctl call.

From the Ubuntu security team

Dan Rosenberg discovered that the OSS subsystem did not handle name termination correctly. A local attacker could exploit this crash the system or gain root privileges.

Priority

Medium

Status

Package Release Status
linux
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.37)
Patches:
Upstream: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=d81a12bc29ae4038770e05dce4ab7f26fd5880fb
linux-ec2
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.37)
linux-fsl-imx51
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.37)
linux-lts-backport-maverick
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.37)
linux-lts-backport-natty
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.37)
linux-mvl-dove
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.37)
linux-source-2.6.15
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.37)
linux-ti-omap4
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.37)

Notes

AuthorNote
jdstrand 
in sound system. Dapper desktop is EOL so ignoring

References

Bugs

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading