Multiple integer overflows in the snd_ctl_new function in sound/core/control.c in the Linux kernel before 2.6.36-rc5-next-20100929 allow local users to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted (1) SNDRV_CTL_IOCTL_ELEM_ADD or (2) SNDRV_CTL_IOCTL_ELEM_REPLACE ioctl call.
2010-10-04T21:00:04.923
2025-04-11T00:51:21.963
Deferred
CVSSv2: 4.7 (MEDIUM)
AV:L/AC:M/Au:N/C:N/I:N/A:C
3.4
6.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | linux | linux_kernel | < 2.6.36 | Yes |
| Operating System | linux | linux_kernel | 2.6.36 | Yes |
| Operating System | linux | linux_kernel | 2.6.36 | Yes |
| Operating System | linux | linux_kernel | 2.6.36 | Yes |
| Operating System | linux | linux_kernel | 2.6.36 | Yes |
| Operating System | linux | linux_kernel | 2.6.36 | Yes |
| Operating System | fedoraproject | fedora | 13 | Yes |
| Operating System | opensuse | opensuse | 11.2 | Yes |
| Operating System | opensuse | opensuse | 11.3 | Yes |
| Operating System | suse | linux_enterprise_desktop | 10 | Yes |
| Operating System | suse | linux_enterprise_real_time_extension | 11 | Yes |
| Operating System | suse | linux_enterprise_server | 9 | Yes |
| Operating System | suse | linux_enterprise_server | 10 | Yes |
| Operating System | suse | linux_enterprise_software_development_kit | 10 | Yes |
| Operating System | debian | debian_linux | 5.0 | Yes |
| Operating System | canonical | ubuntu_linux | 6.06 | Yes |
| Operating System | canonical | ubuntu_linux | 8.04 | Yes |
| Operating System | canonical | ubuntu_linux | 9.04 | Yes |
| Operating System | canonical | ubuntu_linux | 9.10 | Yes |
| Operating System | canonical | ubuntu_linux | 10.04 | Yes |
| Operating System | canonical | ubuntu_linux | 10.10 | Yes |