Wednesday, September 29, 2010

Linux Kernel "snd_ctl_new()" Integer Overflow Vulnerability SA41650

From Secunia:
A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or potentially gain escalated privileges.

The vulnerability is caused due to an integer overflow error when allocating memory within the "snd_ctl_new()" function in sound/core/control.c, which can be exploited to cause a heap-based buffer overflow.

Criticality: Less Critical

OSG Recommendation:
If you think your systems may have this vulnerability you can consider removing or limiting access to the sound (or audio) subsystem.

No comments:

Post a Comment