err.no Git - linux-2.6/commit

]> err.no Git - linux-2.6/commit

author	Willy Tarreau <w@1wt.eu>
	Sat, 2 Aug 2008 16:25:16 +0000 (18:25 +0200)
committer	Linus Torvalds <torvalds@linux-foundation.org>
	Tue, 5 Aug 2008 00:03:26 +0000 (17:03 -0700)
commit	82e68f7ffec3800425f2391c8c86277606860442
tree	dd0133edc67252f786d16541a7475dfe52b845d8	tree \| snapshot
parent	82248a5e92793014d156a12dbcbba633794ce9f8	commit \| diff

sound: ensure device number is valid in snd_seq_oss_synth_make_info

snd_seq_oss_synth_make_info() incorrectly reports information
to userspace without first checking for the validity of the
device number, leading to possible information leak (CVE-2008-3272).

Reported-By: Tobias Klein <tk@trapkit.de>
Acked-and-tested-by: Takashi Iwai <tiwai@suse.de>
Cc: stable@kernel.org
Signed-off-by: Willy Tarreau <w@1wt.eu>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

sound/core/seq/oss/seq_oss_synth.c

diff | blob | history

Linux 2.6 source tree

RSS Atom