CVE-2011-0712

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 2.6.38-rc4-next-20110215

Description The issue is related to multiple buffer overflows in the caiaq Native Instruments USB audio functionality. This could potentially allow attackers to cause a denial of service or have other unspecified impacts via a long USB device name. The problem is associated with the snd usb caiaq audio init function in sound/usb/caiaq/audio.c and the snd usb caiaq midi init function in sound/usb/caiaq/midi.c.

Recommendations For Linux kernel versions prior to 2.6.38-rc4-next-20110215, update to version 2.6.38-rc4-next-20110215 or later to resolve the issue. As a temporary workaround, consider restricting the use of long USB device names to minimize the risk of exploitation.