Linux Kernel C-Media PCI Audio Driver Does Not Properly Access Userspace Data
|
|
SecurityTracker Alert ID: 1007556 |
|
SecurityTracker URL: http://securitytracker.com/id/1007556
|
|
CVE Reference:
CAN-2003-0699
(Links to External Site)
|
Date: Aug 22 2003
|
Impact:
Disclosure of system information, Disclosure of user information, Execution of arbitrary code via local system
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 2.4, prior to 2.4.21
|
Description:
A vulnerability was reported in the Linux kernel in the C-Media PCI sound driver. The driver does not properly separate userspace and kernel space data.
It is reported that 'cmpci.c' accesses some userspace arguments without using the get_user() function to copy the userspace data to kernel space.
No specific exploit method was described.
|
Impact:
No specific impact was reported. It may (theoretically) be possible for a local user to execute arbitrary code with kernel level privileges or to read kernel data.
|
Solution:
The vendor has released a fixed version (2.4.21) of the Linux kernel.
|
Vendor URL: www.kernel.org/ (Links to External Site)
|
Cause:
Access control error
|
Underlying OS:
|
|
Message History:
None.
|
Source Message Contents
|
Date: Fri, 22 Aug 2003 00:37:12 -0400
Subject: http://cve.mitre.org/cgi-bin/cvename.cgi?name=2003-0699
|
> CVE: CAN-2003-0699
> The C-Media PCI sound driver in Linux before 2.4.21 does not use the get_user
> function to access userspace, which crosses security boundaries and may
> facilitate the exploitation of vulnerabilities.
-----
> RHSA-2003:198-16
> The C-Media PCI sound driver in unpatched kernel versions prior to 2.4.21
> accesses userspace without using the get_user function, which is a
> potential security hole. The Common Vulnerabilities and Exposures project
> (cve.mitre.org) has assigned the name CAN-2003-0699 to this issue.
-----
|
|
