snd_ctl_elem_add in sound/core/control.c in the Linux kernel through 5.6.3 has a count=info->owner line, which later affects a private_size*count multiplication for unspecified "interesting side effects." NOTE: kernel engineers dispute this finding, because it could be relevant only if new callers were added that were unfamiliar with the misuse of the info->owner field to represent data unrelated to the "owner" concept. The existing callers, SNDRV_CTL_IOCTL_ELEM_ADD and SNDRV_CTL_IOCTL_ELEM_REPLACE, have been designed to misuse the info->owner field in a safe way
References
Link | Resource |
---|---|
https://github.com/torvalds/linux/blob/3b2549a3740efb8af0150415737067d87e466c5b/sound/core/control.c#L1434-L1474 | Exploit Third Party Advisory |
https://lore.kernel.org/alsa-devel/s5h4ktmlfpx.wl-tiwai%40suse.de/ | |
https://twitter.com/yabbadabbadrew/status/1248632267028582400 | Third Party Advisory |
Configurations
History
07 Nov 2023, 03:15
Type | Values Removed | Values Added |
---|---|---|
Summary | snd_ctl_elem_add in sound/core/control.c in the Linux kernel through 5.6.3 has a count=info->owner line, which later affects a private_size*count multiplication for unspecified "interesting side effects." NOTE: kernel engineers dispute this finding, because it could be relevant only if new callers were added that were unfamiliar with the misuse of the info->owner field to represent data unrelated to the "owner" concept. The existing callers, SNDRV_CTL_IOCTL_ELEM_ADD and SNDRV_CTL_IOCTL_ELEM_REPLACE, have been designed to misuse the info->owner field in a safe way | |
References |
|
|
Information
Published : 2020-04-12 22:15
Updated : 2024-08-04 12:15
NVD link : CVE-2020-11725
Mitre link : CVE-2020-11725
CVE.ORG link : CVE-2020-11725
JSON object : View
Products Affected
linux
- linux_kernel
CWE