Actu
Vigil@nce - Linux kernel: memory corruption via via AudioScience HPI
March 2011 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
A local attacker, who is member of the audio group, can use an
ioctl, in order to corrupt the kernel memory, which stops it, and
may lead to code execution.
Severity: 1/4
Creation date: 18/03/2011
IMPACTED PRODUCTS
– Linux kernel
DESCRIPTION OF THE VULNERABILITY
The Linux kernel support AudioScience devices with the HPI
interface (Hardware Programming Interface).
The sound/pci/asihpi/hpioctl.c file implements the HPI_IOCTL_LINUX
ioctl which processes adapters. However, if an attacker uses an
adapter number superior to HPI_MAX_ADAPTERS, the
asihpi_hpi_ioctl() function writes to an invalid memory address.
A local attacker, who is member of the audio group, can therefore
use an ioctl, in order to corrupt the kernel memory, which stops
it, and may lead to code execution.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Linux-kernel-memory-corruption-via-via-AudioScience-HPI-10464
