CVE-2008-3272

Linux kernel <2.6.27-rc2 - Info Disclosure

Title source: llm
STIX 2.1

Description

The snd_seq_oss_synth_make_info function in sound/core/seq/oss/seq_oss_synth.c in the sound subsystem in the Linux kernel before 2.6.27-rc2 does not verify that the device number is within the range defined by max_synthdev before returning certain data to the caller, which allows local users to obtain sensitive information.

References (31)

Core 31
Core References
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/637-1/
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00000.html
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2008/dsa-1630
Third Party Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2008-0885.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/32190
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2008/dsa-1636
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2008-0972.html
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/2307
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/31614
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1020636
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/31881
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00008.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/32104
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/31551
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/30559
Third Party Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2008-0857.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00001.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/44225
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/32103
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/32023
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/32759
Third Party Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2008:220
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/31366
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/32370
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/31836
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/32799
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00003.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html

Scores

EPSS 0.0042
EPSS Percentile 33.6%

Details

CWE
CWE-200
Status published
Products (11)
canonical/ubuntu_linux 6.06
canonical/ubuntu_linux 7.04
canonical/ubuntu_linux 7.10
canonical/ubuntu_linux 8.04
debian/debian_linux 4.0
linux/linux_kernel 2.6.27 (2 CPE variants)
linux/linux_kernel < 2.6.27
redhat/enterprise_linux_desktop 4.0
redhat/enterprise_linux_eus 4.7
redhat/enterprise_linux_server 4.0
... and 1 more
Published Aug 08, 2008
Tracked Since Feb 18, 2026