The snd_seq_oss_synth_make_info function in sound/core/seq/oss/seq_oss_synth.c in the sound subsystem in the Linux kernel prior to 2.6.27-rc2 does not verify that the device number is within the range defined by max_synthdev before returning certain data to the caller, which allows local users to obtain sensitive information.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
linux linux kernel 2.6.27 |
||
linux linux kernel |
||
debian debian linux 4.0 |
||
canonical ubuntu linux 6.06 |
||
canonical ubuntu linux 7.04 |
||
canonical ubuntu linux 7.10 |
||
canonical ubuntu linux 8.04 |
||
redhat enterprise linux desktop 4.0 |
||
redhat enterprise linux eus 4.7 |
||
redhat enterprise linux server 4.0 |
||
redhat enterprise linux workstation 4.0 |