CVE-2011-0712

Published: 18 February 2011

Multiple buffer overflows in the caiaq Native Instruments USB audio functionality in the Linux kernel before 2.6.38-rc4-next-20110215 might allow attackers to cause a denial of service or possibly have unspecified other impact via a long USB device name, related to (1) the snd_usb_caiaq_audio_init function in sound/usb/caiaq/audio.c and (2) the snd_usb_caiaq_midi_init function in sound/usb/caiaq/midi.c.

From the Ubuntu security team

Rafael Dominguez Vega discovered that the caiaq Native Instruments USB driver did not correctly validate string lengths. A local attacker with physical access could plug in a specially crafted USB device to crash the system or potentially gain root privileges.

Priority

Low

Status

Package Release Status
linux
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.38~rc6)
Patches:
Upstream: http://git.kernel.org/?p=linux/kernel/git/tiwai/sound-2.6.git;a=commit;h=eaae55dac6b64c0616046436b294e69fc5311581
linux-ec2
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.38~rc6)
linux-fsl-imx51
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.38~rc6)
linux-lts-backport-maverick
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.38~rc6)
linux-lts-backport-natty
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.38~rc6)
linux-mvl-dove
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.38~rc6)
linux-source-2.6.15
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.38~rc6)
linux-ti-omap4
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.38~rc6)

References

Bugs

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu 14.04 Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM

Further reading