CVE-2011-0712 "linux plug&pwn"

Bug #741925 reported by giff gill on 2011-03-24
This bug report is a duplicate of:  Bug #768448: CVE-2011-0712. Edit Remove
256
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Low
Unassigned
linux-ec2 (Ubuntu)
Undecided
Unassigned
linux-linaro (Ubuntu)
Undecided
Unassigned
linux-lts-backport-maverick (Ubuntu)
Undecided
Unassigned
linux-lts-backport-natty (Ubuntu)
Undecided
Unassigned
linux-mvl-dove (Ubuntu)
Undecided
Unassigned
linux-qcm-msm (Ubuntu)
Undecided
Unassigned

Bug Description

Multiple buffer overflows in the caiaq Native Instruments USB audio functionality in the Linux kernel before 2.6.38-rc4-next-20110215 might allow attackers to cause a denial of service or possibly have unspecified other impact via a long USB device name, related to (1) the snd_usb_caiaq_audio_init function in sound/usb/caiaq/audio.c and (2) the snd_usb_caiaq_midi_init function in sound/usb/caiaq/midi.c.

CVE References

To determine the severity and urgency of the bug I'd like to know if one needs a special programmable usb device for this bug or can benign usb storage and similar devices be modified as well to trigger the bug?

visibility: private → public
tags: added: maverick
Changed in linux (Ubuntu):
status: New → Confirmed
importance: Undecided → Medium
importance: Medium → Low
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers