Multiple integer overflows in the snd_ctl_new function in sound/core/control.c in the Linux kernel before 2.6.36-rc5-next-20100929 allow local users to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted (1) SNDRV_CTL_IOCTL_ELEM_ADD or (2) SNDRV_CTL_IOCTL_ELEM_REPLACE ioctl call.
Software | From | Fixed in |
---|---|---|
debian / debian_linux | 5.0 | 5.0.x |
linux / linux_kernel | - | 2.6.36 |
linux / linux_kernel | 2.6.36 | 2.6.36.x |
linux / linux_kernel | 2.6.36-rc1 | 2.6.36-rc1.x |
linux / linux_kernel | 2.6.36-rc2 | 2.6.36-rc2.x |
linux / linux_kernel | 2.6.36-rc3 | 2.6.36-rc3.x |
linux / linux_kernel | 2.6.36-rc4 | 2.6.36-rc4.x |
opensuse / opensuse | 11.2 | 11.2.x |
opensuse / opensuse | 11.3 | 11.3.x |
fedoraproject / fedora | 13 | 13.x |
canonical / ubuntu_linux | 10.04 | 10.04.x |
canonical / ubuntu_linux | 10.10 | 10.10.x |
canonical / ubuntu_linux | 6.06 | 6.06.x |
canonical / ubuntu_linux | 8.04 | 8.04.x |
canonical / ubuntu_linux | 9.04 | 9.04.x |
canonical / ubuntu_linux | 9.10 | 9.10.x |
suse / linux_enterprise_desktop | 10-sp3 | 10-sp3.x |
suse / linux_enterprise_server | 10-sp3 | 10-sp3.x |
suse / linux_enterprise_server | 9 | 9.x |
suse / linux_enterprise_software_development_kit | 10-sp3 | 10-sp3.x |
suse / linux_enterprise_real_time_extension | 11-sp1 | 11-sp1.x |