Buffer overflow vulnerability in load_mixer_volumes function in Linux kernel before 2.6.37
CVE-2010-4527 · MEDIUM Severity
AV:L/AC:M/AU:N/C:C/I:C/A:C
The load_mixer_volumes function in sound/oss/soundcard.c in the OSS sound subsystem in the Linux kernel before 2.6.37 incorrectly expects that a certain name field ends with a '\0' character, which allows local users to conduct buffer overflow attacks and gain privileges, or possibly obtain sensitive information from kernel memory, via a SOUND_MIXER_SETLEVELS ioctl call.
Learn more about our Cis Benchmark Audit For Distribution Independent Linux.