7.2
CVE-2011-0712
- EPSS 0.44%
- Veröffentlicht 18.02.2011 20:00:09
- Zuletzt bearbeitet 16.06.2026 23:27:55
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
Multiple buffer overflows in the caiaq Native Instruments USB audio functionality in the Linux kernel before 2.6.38-rc4-next-20110215 might allow attackers to cause a denial of service or possibly have unspecified other impact via a long USB device name, related to (1) the snd_usb_caiaq_audio_init function in sound/usb/caiaq/audio.c and (2) the snd_usb_caiaq_midi_init function in sound/usb/caiaq/midi.c.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version < 2.6.38
Linux ≫ Linux Kernel Version2.6.38 Update-
Linux ≫ Linux Kernel Version2.6.38 Updaterc1
Linux ≫ Linux Kernel Version2.6.38 Updaterc2
Linux ≫ Linux Kernel Version2.6.38 Updaterc3
Canonical ≫ Ubuntu Linux Version8.04 SwEdition-
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.44% | 0.346 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.2 | 3.9 | 10 |
AV:L/AC:L/Au:N/C:C/I:C/A:C
|
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.
http://git.kernel.org/?p=linux/kernel/git/tiwai/sound-2.6.git%3Ba=commit%3Bh=eaae55dac6b64c0616046436b294e69fc5311581
http://www.kernel.org/pub/linux/kernel/v2.6/next/patch-v2.6.38-rc4-next-20110215.bz2
http://www.openwall.com/lists/oss-security/2011/02/16/11
http://www.openwall.com/lists/oss-security/2011/02/16/12
http://www.openwall.com/lists/oss-security/2011/02/16/5
http://www.securityfocus.com/bid/46419
http://www.ubuntu.com/usn/USN-1146-1
https://bugzilla.redhat.com/show_bug.cgi?id=677881
https://exchange.xforce.ibmcloud.com/vulnerabilities/65461