shinys000114/linux
1
0
Fork 0
mirror of https://github.com/hardkernel/linux.git synced 2026-06-10 21:07:02 +09:00
Code Issues Packages Projects Releases Wiki Activity
Files
203d86c28cd29846ff66e2d9178f870063d8de83
linux/sound
History
Dan Rosenberg 203d86c28c sound: Prevent buffer overflow in OSS load_mixer_volumes 
commit d81a12bc29 upstream.

The load_mixer_volumes() function, which can be triggered by
unprivileged users via the SOUND_MIXER_SETLEVELS ioctl, is vulnerable to
a buffer overflow.  Because the provided "name" argument isn't
guaranteed to be NULL terminated at the expected 32 bytes, it's possible
to overflow past the end of the last element in the mixer_vols array.
Further exploitation can result in an arbitrary kernel write (via
subsequent calls to load_mixer_volumes()) leading to privilege
escalation, or arbitrary kernel reads via get_mixer_levels().  In
addition, the strcmp() may leak bytes beyond the mixer_vols array.

Signed-off-by: Dan Rosenberg <drosenberg@vsecurity.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2011-01-07 13:58:45 -08:00
..
aoa
of/device: Replace struct of_device with struct platform_device
2010-08-06 09:25:50 -06:00
arm
Merge remote branch 'alsa/devel' into topic/misc
2010-04-16 15:20:06 +02:00
atmel
ALSA: atmel: set "channel A event" output to debug
2010-06-08 16:42:02 +02:00
core
ALSA: Fix SNDCTL_DSP_RESET ioctl for OSS emulation
2010-12-09 13:32:51 -08:00
drivers
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound-2.6
2010-08-07 17:07:31 -07:00
i2c
ALSA: i2c/other/ak4xx-adda: Fix a compile warning with CONFIG_PROCFS=n
2010-09-30 22:59:12 +02:00
isa
ALSA: msnd-classic: Fix invalid cfg parameter
2010-09-08 09:58:12 +02:00
mips
sound: Add missing spin_unlock
2010-05-27 09:47:02 +02:00
oss
sound: Prevent buffer overflow in OSS load_mixer_volumes
2011-01-07 13:58:45 -08:00
parisc
ALSA: sound/parisc: Move dereference after NULL test
2009-10-30 12:01:38 +01:00
pci
ALSA: hda - Enable jack sense for Thinkpad Edge 11
2011-01-07 13:58:35 -08:00
pcmcia
pcmcia: do not use io_req_t when calling pcmcia_request_io()
2010-08-03 09:04:11 +02:00
ppc
sound: Remove pr_<level> uses of KERN_<level>
2010-09-13 23:40:29 +02:00
sh
include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h
2010-03-30 22:02:32 +09:00
soc
ASoC: fix deemphasis control in wm8904/55/60 codecs
2011-01-07 13:58:18 -08:00
sparc
of/device: Replace struct of_device with struct platform_device
2010-08-06 09:25:50 -06:00
spi
ALSA: sound/spi: patch for the unuseful variable removal
2010-06-08 16:51:27 +02:00
synth
include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h
2010-03-30 22:02:32 +09:00
usb
ALSA: usb - Release capture substream URBs properly
2010-09-08 08:27:02 +02:00
ac97_bus.c
Kconfig
tree-wide: fix assorted typos all over the place
2009-12-04 15:39:55 +01:00
last.c
Makefile
sound_core.c
sound: push BKL into open functions
2010-07-12 17:41:05 +02:00
sound_firmware.c
include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h
2010-03-30 22:02:32 +09:00