The OSS code for the Sound Blaster (sb16) driver in Linux 2.4.x before 2.4.26, when operating in 16 bit mode, does not properly handle certain sample sizes, which allows local users to cause a denial of service (crash) via a sample with an odd number of bytes.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Linux_kernel | Linux | 2.4.0 (including) | 2.4.0 (including) |
| Red Hat Enterprise Linux 3 | RedHat | kernel-0:2.4.21-15.0.4.EL | * |
| Red Hat Enterprise Linux AS (Advanced Server) version 2.1 | RedHat | * | |
| Red Hat Enterprise Linux ES version 2.1 | RedHat | * | |
| Red Hat Enterprise Linux WS version 2.1 | RedHat | * | |
| Kernel-source-2.4.27 | Ubuntu | dapper | * |
| Kernel-source-2.4.27 | Ubuntu | edgy | * |
References
- ftp://patches.sgi.com/support/free/security/advisories/20040804-01-U.asc
- http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000846
- http://linux.bkbits.net:8080/linux-2.4/cset%40404ce5967rY2Ryu6Z_uNbYh643wuFA
- http://security.gentoo.org/glsa/glsa-200407-02.xml
- http://www.ciac.org/ciac/bulletins/o-121.shtml
- http://www.ciac.org/ciac/bulletins/o-127.shtml
- http://www.ciac.org/ciac/bulletins/o-193.shtml
- http://www.debian.org/security/2004/dsa-479
- http://www.debian.org/security/2004/dsa-480
- http://www.debian.org/security/2004/dsa-481
- http://www.debian.org/security/2004/dsa-482
- http://www.debian.org/security/2004/dsa-489
- http://www.debian.org/security/2004/dsa-491
- http://www.debian.org/security/2004/dsa-495
- http://www.mandriva.com/security/advisories?name=MDKSA-2004:029
- http://www.redhat.com/support/errata/RHSA-2004-413.html
- http://www.redhat.com/support/errata/RHSA-2004-437.html
- http://www.securityfocus.com/bid/9985
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15868
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9427
- ftp://patches.sgi.com/support/free/security/advisories/20040804-01-U.asc
- http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000846
- http://linux.bkbits.net:8080/linux-2.4/cset%40404ce5967rY2Ryu6Z_uNbYh643wuFA
- http://security.gentoo.org/glsa/glsa-200407-02.xml
- http://www.ciac.org/ciac/bulletins/o-121.shtml
- http://www.ciac.org/ciac/bulletins/o-127.shtml
- http://www.ciac.org/ciac/bulletins/o-193.shtml
- http://www.debian.org/security/2004/dsa-479
- http://www.debian.org/security/2004/dsa-480
- http://www.debian.org/security/2004/dsa-481
- http://www.debian.org/security/2004/dsa-482
- http://www.debian.org/security/2004/dsa-489
- http://www.debian.org/security/2004/dsa-491
- http://www.debian.org/security/2004/dsa-495
- http://www.mandriva.com/security/advisories?name=MDKSA-2004:029
- http://www.redhat.com/support/errata/RHSA-2004-413.html
- http://www.redhat.com/support/errata/RHSA-2004-437.html
- http://www.securityfocus.com/bid/9985
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15868
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9427