CVE-2010-3442

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions SUSE Linux Enterprise (affected versions not specified) Linux kernel versions prior to 2.6.36-rc5-next-20100929

Description The issue involves multiple vulnerabilities in the Linux kernel that can lead to a denial of service or potentially other impacts. These vulnerabilities can be exploited remotely. Specifically, there are multiple integer overflows in the snd ctl new function in sound/core/control.c that allow local users to cause heap memory corruption via crafted ioctl calls, such as SNDRV CTL IOCTL ELEM ADD or SNDRV CTL IOCTL ELEM REPLACE.

Recommendations For Linux kernel versions prior to 2.6.36-rc5-next-20100929, update to version 2.6.36-rc5-next-20100929 or later to resolve the issue. For SUSE Linux Enterprise, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Integer Overflow

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-190CWE-200

Related Identifiers

BDU:2015-04589

BDU:2015-04590

CVE-2010-3442

DSA-2126-1

RHSA-2010:0842

RHSA-2010:0936

RHSA-2010:0958

RHSA-2010_0842

RHSA-2010_0936

RHSA-2011:0004

RHSA-2011_0004

Affected Products

Linux Kernel

Red Hat

Suse Linux Enterprise

CVE-2010-3442

Weakness Enumeration

Related Identifiers

Affected Products

References · 115