Buffer overflow vulnerability in load_mixer_volumes function in Linux kernel before 2.6.37

Buffer overflow vulnerability in load_mixer_volumes function in Linux kernel before 2.6.37

CVE-2010-4527 · MEDIUM Severity

AV:L/AC:M/AU:N/C:C/I:C/A:C

The load_mixer_volumes function in sound/oss/soundcard.c in the OSS sound subsystem in the Linux kernel before 2.6.37 incorrectly expects that a certain name field ends with a '\0' character, which allows local users to conduct buffer overflow attacks and gain privileges, or possibly obtain sensitive information from kernel memory, via a SOUND_MIXER_SETLEVELS ioctl call.

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.