oss-sec mailing list archives
CVE request: kernel: AudioScience HPI driver
From: Dan Rosenberg <dan.j.rosenberg () gmail com>
Date: Fri, 18 Mar 2011 07:18:30 -0400
"The user-supplied index into the adapters array needs to be checked, or an out-of-bounds kernel pointer could be accessed and used, leading to potentially exploitable memory corruption." This may be triggered by a user with access to an appropriate device file, which I'd expect would be restricted to group 'audio'. And you'd need to have this particular driver loaded, either by using the appropriate hardware or finding a new way to force it to be loaded in violation of security policy. Regards, Dan [1] http://git.kernel.org/?p=linux/kernel/git/tiwai/sound-2.6.git;a=commit;h=4a122c10fbfe9020df469f0f669da129c5757671
Current thread:
- CVE request: kernel: AudioScience HPI driver Dan Rosenberg (Mar 18)
- Re: CVE request: kernel: AudioScience HPI driver Eugene Teo (Mar 18)