Linux Kernel ALSA 'sound/core/control.c' Local Integer Overflow Vulnerability

The Linux kernel Advanced Linux Sound Architecture (ALSA) is prone to a local heap-based integer-overflow vulnerability because it fails to properly validate user-supplied input.

Unprivileged users who have permission to open a '/dev/snd/controlC*' device (members of the 'audio' group in most distributions) can trigger this issue.

Local attackers can exploit this issue to run arbitrary code with elevated privileges. Failed exploit attempts may crash the affected kernel, denying service to legitimate users.


 

Privacy Statement
Copyright 2010, SecurityFocus