CVE-2011-1169

EPSS 0.05%
Published 03.05.2011 19:55:07
Last modified 11.04.2025 00:51:21
Source secalert@redhat.com
Teams watchlist Login
Open Login

Array index error in the asihpi_hpi_ioctl function in sound/pci/asihpi/hpioctl.c in the AudioScience HPI driver in the Linux kernel before 2.6.38.1 might allow local users to cause a denial of service (memory corruption) or possibly gain privileges via a crafted adapter index value that triggers access to an invalid kernel pointer.

Affected products Warnungen 0 Metrics 2 CWE 1 References 8

Data is provided by the National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version < 2.6.38.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.05%	0.12

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C

CWE-129 Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

http://git.kernel.org/?p=linux/kernel/git/tiwai/sound-2.6.git%3Ba=commit%3Bh=4a122c10fbfe9020df469f0f669da129c5757671

http://openwall.com/lists/oss-security/2011/03/18/1

Third Party Advisory

Mailing List

http://openwall.com/lists/oss-security/2011/03/18/2

Third Party Advisory

Mailing List

http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38.1

Vendor Advisory

Release Notes

https://bugzilla.redhat.com/show_bug.cgi?id=688898

Patch