SB2004060104 - Improper input validation in Linux kernel

Description

This security bulletin contains information about 1 vulnerability.

1) Improper input validation (CVE-ID: CVE-2004-0178)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local user to perform service disruption.

The OSS code for the Sound Blaster (sb16) driver in Linux 2.4.x before 2.4.26, when operating in 16 bit mode, does not properly handle certain sample sizes, which allows local users to cause a denial of service (crash) via a sample with an odd number of bytes.

Remediation

Install update from vendor's website.

References

• ftp://patches.sgi.com/support/free/security/advisories/20040804-01-U.asc
• http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000846
• http://linux.bkbits.net:8080/linux-2.4/cset@404ce5967rY2Ryu6Z_uNbYh643wuFA
• http://security.gentoo.org/glsa/glsa-200407-02.xml
• http://www.ciac.org/ciac/bulletins/o-121.shtml
• http://www.ciac.org/ciac/bulletins/o-127.shtml
• http://www.ciac.org/ciac/bulletins/o-193.shtml
• http://www.debian.org/security/2004/dsa-479
• http://www.debian.org/security/2004/dsa-480
• http://www.debian.org/security/2004/dsa-481
• http://www.debian.org/security/2004/dsa-482
• http://www.debian.org/security/2004/dsa-489
• http://www.debian.org/security/2004/dsa-491
• http://www.debian.org/security/2004/dsa-495
• http://www.mandriva.com/security/advisories?name=MDKSA-2004:029
• http://www.redhat.com/support/errata/RHSA-2004-413.html
• http://www.redhat.com/support/errata/RHSA-2004-437.html
• http://www.securityfocus.com/bid/9985
• https://exchange.xforce.ibmcloud.com/vulnerabilities/15868
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9427