CVE-2008-3272: Sensitive Information Exposure in Kernel

Severity: 2.1 LOW (NVD)
EPSS: 0.1% (top 80.45%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Aug 8; latest update May 1

Description

The snd_seq_oss_synth_make_info function in sound/core/seq/oss/seq_oss_synth.c in the sound subsystem in the Linux kernel before 2.6.27-rc2 does not verify that the device number is within the range defined by max_synthdev before returning certain data to the caller, which allows local users to obtain sensitive information.

CVSS vector

AV:L/AC:L/C:P/I:N/A:N
Exploitability: 3.9 | Impact: 2.9

Affected Packages (4 packages)

Also affects: Debian Linux 4.0, Ubuntu Linux 6.06, 7.04, 7.10, 8.04, Enterprise Linux 4.7

Vulnerability Details (1)

GHSA: GHSA-qg44-g4p3-cf6x: The snd_seq_oss_synth_make_info function in sound/core/seq/oss/seq_oss_synth (2022-05-01)

Vendor Advisories (2)

Ubuntu: Linux kernel vulnerabilities (2008-08-25)
Red Hat: kernel snd_seq_oss_synth_make_info leak (2008-08-02)

Community (1)

Bugzilla: CVE-2008-3272 kernel snd_seq_oss_synth_make_info leak (2008-08-06)