CVE-2004-0178

Linux Kernel - Denial of Service

Title source: rule

Description

The OSS code for the Sound Blaster (sb16) driver in Linux 2.4.x before 2.4.26, when operating in 16 bit mode, does not properly handle certain sample sizes, which allows local users to cause a denial of service (crash) via a sample with an odd number of bytes.

References (20)

[Various Sources] http://linux.bkbits.net:8080/linux-2.4/cset%40404ce5967rY2Ryu6Z_uNbYh643wuFA

[Third Party Advisory, US Government Resource] http://www.ciac.org/ciac/bulletins/o-121.shtml

[Third Party Advisory, US Government Resource] http://www.ciac.org/ciac/bulletins/o-127.shtml

[Third Party Advisory, US Government Resource] http://www.ciac.org/ciac/bulletins/o-193.shtml

[Patch, Vendor Advisory] http://www.debian.org/security/2004/dsa-482

[Patch, Vendor Advisory] http://www.debian.org/security/2004/dsa-489

[Patch, Vendor Advisory] http://www.debian.org/security/2004/dsa-491

[Patch, Vendor Advisory] http://www.debian.org/security/2004/dsa-495

[Vendor Advisory] http://www.redhat.com/support/errata/RHSA-2004-413.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/9985

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/15868

[Vendor Advisory] http://www.redhat.com/support/errata/RHSA-2004-437.html

[Vendor Advisory] http://www.mandriva.com/security/advisories?name=MDKSA-2004:029

[Vendor Advisory] http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000846

[Vendor Advisory] ftp://patches.sgi.com/support/free/security/advisories/20040804-01-U.asc

[Third Party Advisory] http://www.debian.org/security/2004/dsa-479

[Third Party Advisory] http://www.debian.org/security/2004/dsa-480

[Third Party Advisory] http://www.debian.org/security/2004/dsa-481

[Third Party Advisory] http://security.gentoo.org/glsa/glsa-200407-02.xml

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9427

Scores

EPSS 0.0008

EPSS Percentile 23.3%

Classification

Status draft

Affected Products (1)

linux/linux_kernel

Timeline

Published Jun 01, 2004

Tracked Since Feb 18, 2026