Revision - d81a12b - sound: Prevent buffer overflow in OSS load_mixer_volumes - origin: https://github.com/torvalds/linux

visit type:

https://github.com/torvalds/linux

13 June 2022, 11:31:42 UTC

Code
Branches (1)
Releases (747)
Visits

Revision d81a12bc29ae4038770e05dce4ab7f26fd5880fb authored by Dan Rosenberg on 25 December 2010, 21:23:40 UTC, committed by Takashi Iwai on 30 December 2010, 12:20:55 UTC

sound: Prevent buffer overflow in OSS load_mixer_volumes

The load_mixer_volumes() function, which can be triggered by
unprivileged users via the SOUND_MIXER_SETLEVELS ioctl, is vulnerable to
a buffer overflow.  Because the provided "name" argument isn't
guaranteed to be NULL terminated at the expected 32 bytes, it's possible
to overflow past the end of the last element in the mixer_vols array.
Further exploitation can result in an arbitrary kernel write (via
subsequent calls to load_mixer_volumes()) leading to privilege
escalation, or arbitrary kernel reads via get_mixer_levels().  In
addition, the strcmp() may leak bytes beyond the mixer_vols array.

Signed-off-by: Dan Rosenberg <drosenberg@vsecurity.com>
Cc: stable <stable@kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>

1 parent 7693457

Files
Changes

Branches
Releases

HEAD
refs/heads/master
d81a12bc29ae4038770e05dce4ab7f26fd5880fb

v5.9-rc8
v5.9-rc7
v5.9-rc6
v5.9-rc5
v5.9-rc4
v5.9-rc3
v5.9-rc2
v5.9-rc1
v5.9
v5.8-rc7
v5.8-rc6
v5.8-rc5
v5.8-rc4
v5.8-rc3
v5.8-rc2
v5.8-rc1
v5.8
v5.7-rc7
v5.7-rc6
v5.7-rc5
v5.7-rc4
v5.7-rc3
v5.7-rc2
v5.7-rc1
v5.7
v5.6-rc7
v5.6-rc6
v5.6-rc5
v5.6-rc4
v5.6-rc3
v5.6-rc2
v5.6-rc1
v5.6
v5.5-rc7
v5.5-rc6
v5.5-rc5
v5.5-rc4
v5.5-rc3
v5.5-rc2
v5.5-rc1
v5.5
v5.4-rc8
v5.4-rc7
v5.4-rc6
v5.4-rc5
v5.4-rc4
v5.4-rc3
v5.4-rc2
v5.4-rc1
v5.4
v5.3-rc8
v5.3-rc7
v5.3-rc6
v5.3-rc5
v5.3-rc4
v5.3-rc3
v5.3-rc2
v5.3-rc1
v5.3
v5.2-rc7
v5.2-rc6
v5.2-rc5
v5.2-rc4
v5.2-rc3
v5.2-rc2
v5.2-rc1
v5.2
v5.19-rc2
v5.19-rc1
v5.18-rc7
v5.18-rc6
v5.18-rc5
v5.18-rc4
v5.18-rc3
v5.18-rc2
v5.18-rc1
v5.18
v5.17-rc8
v5.17-rc7
v5.17-rc6
v5.17-rc5
v5.17-rc4
v5.17-rc3
v5.17-rc2
v5.17-rc1
v5.17
v5.16-rc8
v5.16-rc7
v5.16-rc6
v5.16-rc5
v5.16-rc4
v5.16-rc3
v5.16-rc2
v5.16-rc1
v5.16
v5.15-rc7
v5.15-rc6
v5.15-rc5
v5.15-rc4
v5.15-rc3
v5.15-rc2
v5.15-rc1
v5.15
v5.14-rc7
v5.14-rc6
v5.14-rc5
v5.14-rc4
v5.14-rc3
v5.14-rc2
v5.14-rc1
v5.14
v5.13-rc7
v5.13-rc6
v5.13-rc5
v5.13-rc4
v5.13-rc3
v5.13-rc2
v5.13-rc1
v5.13
v5.12-rc8
v5.12-rc7
v5.12-rc6
v5.12-rc5
v5.12-rc4
v5.12-rc3
v5.12-rc2
v5.12-rc1
v5.12
v5.11-rc7
v5.11-rc6
v5.11-rc5
v5.11-rc4
v5.11-rc3
v5.11-rc2
v5.11-rc1
v5.11
v5.10-rc7
v5.10-rc6
v5.10-rc5
v5.10-rc4
v5.10-rc3
v5.10-rc2
v5.10-rc1
v5.10
v5.1-rc7
v5.1-rc6
v5.1-rc5
v5.1-rc4
v5.1-rc3
v5.1-rc2
v5.1-rc1
v5.1
v5.0-rc8
v5.0-rc7
v5.0-rc6
v5.0-rc5
v5.0-rc4
v5.0-rc3
v5.0-rc2
v5.0-rc1
v5.0
v4.9-rc8
v4.9-rc7
v4.9-rc6
v4.9-rc5
v4.9-rc4
v4.9-rc3
v4.9-rc2
v4.9-rc1
v4.9
v4.8-rc8
v4.8-rc7
v4.8-rc6
v4.8-rc5
v4.8-rc4
v4.8-rc3
v4.8-rc2
v4.8-rc1
v4.8
v4.7-rc7
v4.7-rc6
v4.7-rc5
v4.7-rc4
v4.7-rc3
v4.7-rc2
v4.7-rc1
v4.7
v4.6-rc7
v4.6-rc6
v4.6-rc5
v4.6-rc4
v4.6-rc3
v4.6-rc2
v4.6-rc1
v4.6
v4.5-rc7
v4.5-rc6
v4.5-rc5
v4.5-rc4
v4.5-rc3
v4.5-rc2
v4.5-rc1
v4.5
v4.4-rc8
v4.4-rc7
v4.4-rc6
v4.4-rc5
v4.4-rc4
v4.4-rc3
v4.4-rc2
v4.4-rc1
v4.4
v4.3-rc7
v4.3-rc6
v4.3-rc5
v4.3-rc4
v4.3-rc3
v4.3-rc2
v4.3-rc1
v4.3
v4.20-rc7
v4.20-rc6
v4.20-rc5
v4.20-rc4
v4.20-rc3
v4.20-rc2
v4.20-rc1
v4.20
v4.2-rc8
v4.2-rc7
v4.2-rc6
v4.2-rc5
v4.2-rc4
v4.2-rc3
v4.2-rc2
v4.2-rc1
v4.2
v4.19-rc8
v4.19-rc7
v4.19-rc6
v4.19-rc5
v4.19-rc4
v4.19-rc3
v4.19-rc2
v4.19-rc1
v4.19
v4.18-rc8
v4.18-rc7
v4.18-rc6
v4.18-rc5
v4.18-rc4
v4.18-rc3
v4.18-rc2
v4.18-rc1
v4.18
v4.17-rc7
v4.17-rc6
v4.17-rc5
v4.17-rc4
v4.17-rc3
v4.17-rc2
v4.17-rc1
v4.17
v4.16-rc7
v4.16-rc6
v4.16-rc5
v4.16-rc4
v4.16-rc3
v4.16-rc2
v4.16-rc1
v4.16
v4.15-rc9
v4.15-rc8
v4.15-rc7
v4.15-rc6
v4.15-rc5
v4.15-rc4
v4.15-rc3
v4.15-rc2
v4.15-rc1
v4.15
v4.14-rc8
v4.14-rc7
v4.14-rc6
v4.14-rc5
v4.14-rc4
v4.14-rc3
v4.14-rc2
v4.14-rc1
v4.14
v4.13-rc7
v4.13-rc6
v4.13-rc5
v4.13-rc4
v4.13-rc3
v4.13-rc2
v4.13-rc1
v4.13
v4.12-rc7
v4.12-rc6
v4.12-rc5
v4.12-rc4
v4.12-rc3
v4.12-rc2
v4.12-rc1
v4.12
v4.11-rc8
v4.11-rc7
v4.11-rc6
v4.11-rc5
v4.11-rc4
v4.11-rc3
v4.11-rc2
v4.11-rc1
v4.11
v4.10-rc8
v4.10-rc7
v4.10-rc6
v4.10-rc5
v4.10-rc4
v4.10-rc3
v4.10-rc2
v4.10-rc1
v4.10
v4.1-rc8
v4.1-rc7
v4.1-rc6
v4.1-rc5
v4.1-rc4
v4.1-rc3
v4.1-rc2
v4.1-rc1
v4.1
v4.0-rc7
v4.0-rc6
v4.0-rc5
v4.0-rc4
v4.0-rc3
v4.0-rc2
v4.0-rc1
v4.0
v3.9-rc8
v3.9-rc7
v3.9-rc6
v3.9-rc5
v3.9-rc4
v3.9-rc3
v3.9-rc2
v3.9-rc1
v3.9
v3.8-rc7
v3.8-rc6
v3.8-rc5
v3.8-rc4
v3.8-rc3
v3.8-rc2
v3.8-rc1
v3.8
v3.7-rc8
v3.7-rc7
v3.7-rc6
v3.7-rc5
v3.7-rc4
v3.7-rc3
v3.7-rc2
v3.7-rc1
v3.7
v3.6-rc7
v3.6-rc6
v3.6-rc5
v3.6-rc4
v3.6-rc3
v3.6-rc2
v3.6-rc1
v3.6
v3.5-rc7
v3.5-rc6
v3.5-rc5
v3.5-rc4
v3.5-rc3
v3.5-rc2
v3.5-rc1
v3.5
v3.4-rc7
v3.4-rc6
v3.4-rc5
v3.4-rc4
v3.4-rc3
v3.4-rc2
v3.4-rc1
v3.4
v3.3-rc7
v3.3-rc6
v3.3-rc5
v3.3-rc4
v3.3-rc3
v3.3-rc2
v3.3-rc1
v3.3
v3.2-rc7
v3.2-rc6
v3.2-rc5
v3.2-rc4
v3.2-rc3
v3.2-rc2
v3.2-rc1
v3.2
v3.19-rc7
v3.19-rc6
v3.19-rc5
v3.19-rc4
v3.19-rc3
v3.19-rc2
v3.19-rc1
v3.19
v3.18-rc7
v3.18-rc6
v3.18-rc5
v3.18-rc4
v3.18-rc3
v3.18-rc2
v3.18-rc1
v3.18
v3.17-rc7
v3.17-rc6
v3.17-rc5
v3.17-rc4
v3.17-rc3
v3.17-rc2
v3.17-rc1
v3.17
v3.16-rc7
v3.16-rc6
v3.16-rc5
v3.16-rc4
v3.16-rc3
v3.16-rc2
v3.16-rc1
v3.16
v3.15-rc8
v3.15-rc7
v3.15-rc6
v3.15-rc5
v3.15-rc4
v3.15-rc3
v3.15-rc2
v3.15-rc1
v3.15
v3.14-rc8
v3.14-rc7
v3.14-rc6
v3.14-rc5
v3.14-rc4
v3.14-rc3
v3.14-rc2
v3.14-rc1
v3.14
v3.13-rc8
v3.13-rc7
v3.13-rc6
v3.13-rc5
v3.13-rc4
v3.13-rc3
v3.13-rc2
v3.13-rc1
v3.13
v3.12-rc7
v3.12-rc6
v3.12-rc5
v3.12-rc4
v3.12-rc3
v3.12-rc2
v3.12-rc1
v3.12
v3.11-rc7
v3.11-rc6
v3.11-rc5
v3.11-rc4
v3.11-rc3
v3.11-rc2
v3.11-rc1
v3.11
v3.10-rc7
v3.10-rc6
v3.10-rc5
v3.10-rc4
v3.10-rc3
v3.10-rc2
v3.10-rc1
v3.10
v3.1-rc9
v3.1-rc8
v3.1-rc7
v3.1-rc6
v3.1-rc5
v3.1-rc4
v3.1-rc3
v3.1-rc2
v3.1-rc10
v3.1-rc1
v3.1
v3.0-rc7
v3.0-rc6
v3.0-rc5
v3.0-rc4
v3.0-rc3
v3.0-rc2
v3.0-rc1
v3.0
v2.6.39-rc7
v2.6.39-rc6
v2.6.39-rc5
v2.6.39-rc4
v2.6.39-rc3
v2.6.39-rc2
v2.6.39-rc1
v2.6.39
v2.6.38-rc8
v2.6.38-rc7
v2.6.38-rc6
v2.6.38-rc5
v2.6.38-rc4
v2.6.38-rc3
v2.6.38-rc2
v2.6.38-rc1
v2.6.38
v2.6.37-rc8
v2.6.37-rc7
v2.6.37-rc6
v2.6.37-rc5
v2.6.37-rc4
v2.6.37-rc3
v2.6.37-rc2
v2.6.37-rc1
v2.6.37
v2.6.36-rc8
v2.6.36-rc7
v2.6.36-rc6
v2.6.36-rc5
v2.6.36-rc4
v2.6.36-rc3
v2.6.36-rc2
v2.6.36-rc1
v2.6.36
v2.6.35-rc6
v2.6.35-rc5
v2.6.35-rc4
v2.6.35-rc3
v2.6.35-rc2
v2.6.35-rc1
v2.6.35
v2.6.34-rc7
v2.6.34-rc6
v2.6.34-rc5
v2.6.34-rc4
v2.6.34-rc3
v2.6.34-rc2
v2.6.34-rc1
v2.6.34
v2.6.33-rc8
v2.6.33-rc7
v2.6.33-rc6
v2.6.33-rc5
v2.6.33-rc4
v2.6.33-rc3
v2.6.33-rc2
v2.6.33-rc1
v2.6.33
v2.6.32-rc8
v2.6.32-rc7
v2.6.32-rc6
v2.6.32-rc5
v2.6.32-rc4
v2.6.32-rc3
v2.6.32-rc1
v2.6.32
v2.6.31-rc9
v2.6.31-rc8
v2.6.31-rc7
v2.6.31-rc6
v2.6.31-rc5
v2.6.31-rc4
v2.6.31-rc3
v2.6.31-rc2
v2.6.31-rc1
v2.6.31
v2.6.30-rc8
v2.6.30-rc7
v2.6.30-rc6
v2.6.30-rc5
v2.6.30-rc4
v2.6.30-rc3
v2.6.30-rc2
v2.6.30-rc1
v2.6.30
v2.6.29-rc8
v2.6.29-rc7
v2.6.29-rc6
v2.6.29-rc5
v2.6.29-rc4
v2.6.29-rc3
v2.6.29-rc2
v2.6.29-rc1
v2.6.29
v2.6.28-rc9
v2.6.28-rc8
v2.6.28-rc7
v2.6.28-rc6
v2.6.28-rc5
v2.6.28-rc4
v2.6.28-rc3
v2.6.28-rc2
v2.6.28-rc1
v2.6.28
v2.6.27-rc9
v2.6.27-rc8
v2.6.27-rc7
v2.6.27-rc6
v2.6.27-rc5
v2.6.27-rc4
v2.6.27-rc3
v2.6.27-rc2
v2.6.27-rc1
v2.6.27
v2.6.26-rc9
v2.6.26-rc8
v2.6.26-rc7
v2.6.26-rc6
v2.6.26-rc5
v2.6.26-rc4
v2.6.26-rc3
v2.6.26-rc2
v2.6.26-rc1
v2.6.26
v2.6.25-rc9
v2.6.25-rc8
v2.6.25-rc7
v2.6.25-rc6
v2.6.25-rc5
v2.6.25-rc4
v2.6.25-rc3
v2.6.25-rc2
v2.6.25-rc1
v2.6.25
v2.6.24-rc8
v2.6.24-rc7
v2.6.24-rc6
v2.6.24-rc5
v2.6.24-rc4
v2.6.24-rc3
v2.6.24-rc2
v2.6.24-rc1
v2.6.24
v2.6.23-rc9
v2.6.23-rc8
v2.6.23-rc7
v2.6.23-rc6
v2.6.23-rc5
v2.6.23-rc4
v2.6.23-rc3
v2.6.23-rc2
v2.6.23-rc1
v2.6.23
v2.6.22-rc7
v2.6.22-rc6
v2.6.22-rc5
v2.6.22-rc4
v2.6.22-rc3
v2.6.22-rc2
v2.6.22-rc1
v2.6.22
v2.6.21-rc7
v2.6.21-rc6
v2.6.21-rc5
v2.6.21-rc4
v2.6.21-rc3
v2.6.21-rc2
v2.6.21-rc1
v2.6.21
v2.6.20-rc7
v2.6.20-rc6
v2.6.20-rc5
v2.6.20-rc4
v2.6.20-rc3
v2.6.20-rc2
v2.6.20-rc1
v2.6.20
v2.6.19-rc6
v2.6.19-rc5
v2.6.19-rc4
v2.6.19-rc3
v2.6.19-rc2
v2.6.19-rc1
v2.6.19
v2.6.18-rc7
v2.6.18-rc6
v2.6.18-rc5
v2.6.18-rc4
v2.6.18-rc3
v2.6.18-rc2
v2.6.18-rc1
v2.6.18
v2.6.17-rc6
v2.6.17-rc5
v2.6.17-rc4
v2.6.17-rc3
v2.6.17-rc2
v2.6.17-rc1
v2.6.17
v2.6.16-rc6
v2.6.16-rc5
v2.6.16-rc4
v2.6.16-rc3
v2.6.16-rc2
v2.6.16-rc1
v2.6.16
v2.6.15-rc7
v2.6.15-rc6
v2.6.15-rc5
v2.6.15-rc4
v2.6.15-rc3
v2.6.15-rc2
v2.6.15-rc1
v2.6.15
v2.6.14-rc5
v2.6.14-rc4
v2.6.14-rc3
v2.6.14-rc2
v2.6.14-rc1
v2.6.14
v2.6.13-rc7
v2.6.13-rc6
v2.6.13-rc5
v2.6.13-rc4
v2.6.13-rc3
v2.6.13-rc2
v2.6.13-rc1
v2.6.13
v2.6.12-rc6
v2.6.12-rc5
v2.6.12-rc4
v2.6.12-rc3
v2.6.12-rc2
v2.6.12
v2.6.11-tree

69b5439
/

History

Cook and download a directory from the Software Heritage Vault

You have requested the cooking of the directory with identifier swh:1:dir:69b5439b49368704465f797ff7ae147e3d81d451 into a standard tar.gz archive.

Are you sure you want to continue ?

(Optional) Send download link once it is available to that email address:

Download a directory from the Software Heritage Vault

You have requested the download of the directory with identifier swh:1:dir:69b5439b49368704465f797ff7ae147e3d81d451 as a standard tar.gz archive.

Are you sure you want to continue ?

Cook and download a revision from the Software Heritage Vault

You have requested the cooking of the history heading to revision with identifier swh:1:rev:d81a12bc29ae4038770e05dce4ab7f26fd5880fb into a bare git archive.

Are you sure you want to continue ?

(Optional) Send download link once it is available to that email address:

Download a revision from the Software Heritage Vault

You have requested the download of the history heading to revision with identifier swh:1:rev:d81a12bc29ae4038770e05dce4ab7f26fd5880fb as a bare git archive.

Are you sure you want to continue ?

Invalid Email !

The provided email is not well-formed.

Download link has expired

The requested archive is no longer available for download from the Software Heritage Vault.

Do you want to cook it again ?

Take a new snapshot of a software origin

If the archived software origin currently browsed is not synchronized with its upstream version (for instance when new commits have been issued), you can explicitly request Software Heritage to take a new snapshot of it.

Use the form below to proceed. Once a request has been submitted and accepted, it will be processed as soon as possible. You can then check its processing state by visiting this dedicated page.

Visit type

Origin url

Processing "take a new snapshot" request ...

Permalinks

To reference or cite the objects present in the Software Heritage archive, permalinks based on SoftWare Hash IDentifiers (SWHIDs) must be used.
Select below a type of object currently browsed in order to display its associated SWHID and permalink.

revision
directory
snapshot

swh:1:rev:d81a12bc29ae4038770e05dce4ab7f26fd5880fb

Add contextual information

Iframe embedding

swh:1:dir:69b5439b49368704465f797ff7ae147e3d81d451

Add contextual information

swh:1:snp:b11fb3edbaef37341fe2ae130e12496723d8d37b

Add contextual information

Tip revision: d81a12bc29ae4038770e05dce4ab7f26fd5880fb authored by Dan Rosenberg on 25 December 2010, 21:23:40 UTC
sound: Prevent buffer overflow in OSS load_mixer_volumes

Tip revision: d81a12b

File	Mode	Size
Documentation
arch
block
crypto
drivers
firmware
fs
include
init
ipc
kernel
lib
mm
net
samples
scripts
security
sound
tools
usr
virt
.gitignore	-rw-r--r--	936 bytes
.mailmap	-rw-r--r--	3.9 KB
COPYING	-rw-r--r--	18.3 KB
CREDITS	-rw-r--r--	91.8 KB
Kbuild	-rw-r--r--	2.4 KB
Kconfig	-rw-r--r--	252 bytes
MAINTAINERS	-rw-r--r--	178.3 KB
Makefile	-rw-r--r--	50.9 KB
README	-rw-r--r--	17.1 KB
REPORTING-BUGS	-rw-r--r--	3.3 KB

The diff you're trying to view is too large. Only the first 1000 changed files have been loaded.

Showing with 0 additions and 0 deletions (0 / 0 diffs computed)

Computing file changes ...

https://github.com/torvalds/linux

sound: Prevent buffer overflow in OSS load_mixer_volumes

README