CVE-2010-4527
kernel: buffer overflow in OSS load_mixer_volumes
Public Exploits: 1
Exploited in Wild: -
Descriptions
The load_mixer_volumes function in sound/oss/soundcard.c in the OSS sound subsystem in the Linux kernel before 2.6.37 incorrectly expects that a certain name field ends with a '\0' character, which allows local users to conduct buffer overflow attacks and gain privileges, or possibly obtain sensitive information from kernel memory, via a SOUND_MIXER_SETLEVELS ioctl call.
Multiple vulnerabilities have been addressed in the Linux 2.6 kernel. Dan Rosenberg discovered multiple flaws in the X.25 facilities parsing. Vegard Nossum discovered that memory garbage collection was not handled correctly for active sockets. Nelson Elhage discovered that the kernel did not correctly handle process cleanup after triggering a recoverable kernel bug. Nelson Elhage discovered that Econet did not correctly handle AUN packets over UDP. Dan Rosenberg discovered that the OSS subsystem did not handle name termination correctly. Dan Rosenberg discovered that IRDA did not correctly check the size of buffers. Dan Carpenter discovered that the TTPCI DVB driver did not check certain values during an ioctl. Jens Kuehnel discovered that the InfiniBand driver contained a race condition. Timo Warns discovered that the LDM disk partition handling code did not correctly handle certain values.
Timeline
- 2010-12-09 CVE Reserved
- 2011-01-13 CVE Published
- 2024-08-07 CVE Updated
- 2024-08-07 First Exploit
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
References (12)
URL | Tag | Source |
---|---|---|
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d81a12bc29ae4038770e05dce4ab7f26fd5880fb | X_refsource_confirm | |
http://openwall.com/lists/oss-security/2010/12/31/4 | Mailing List | |
http://secunia.com/advisories/42765 | Third Party Advisory | |
http://secunia.com/advisories/43291 | Third Party Advisory | |
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37 | Broken Link | |
http://www.securityfocus.com/bid/45629 | Third Party Advisory | |
http://www.vupen.com/english/advisories/2011/0375 | Third Party Advisory |
URL | Date | SRC |
---|---|---|
http://xorl.wordpress.com/2011/01/09/cve-2010-4527-linux-kernel-oss-sound-card-driver-buffer-overflow | 2024-08-07 |
URL | Date | SRC |
---|---|---|
http://openwall.com/lists/oss-security/2010/12/31/1 | 2023-02-13 | |
https://bugzilla.redhat.com/show_bug.cgi?id=667615 | 2011-02-16 |
URL | Date | SRC |
---|---|---|
http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00002.html | 2023-02-13 | |
https://access.redhat.com/security/cve/CVE-2010-4527 | 2011-02-16 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Linux | Linux Kernel | < 2.6.37 | - | Affected |