CVE-2010-3080
The MITRE CVE dictionary describes this issue as:
Double free vulnerability in the snd_seq_oss_open function in sound/core/seq/oss/seq_oss_init.c in the Linux kernel before 2.6.36-rc4 might allow local users to cause a denial of service or possibly have unspecified other impact via an unsuccessful attempt to open the /dev/sequencer device.
Find out more about CVE-2010-3080 from the MITRE CVE dictionary dictionary and NIST NVD.
Statement
This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, and 5 as it did not include upstream commit 7034632d that introduced the problem. It did not affect Red Hat Enterprise MRG as the /dev/sequencer device file is restricted to root access only.
CVSS v2 metrics
| Base Score | 4.7 |
|---|---|
| Base Metrics | AV:L/AC:M/Au:N/C:N/I:N/A:C |
| Access Vector | Local |
| Access Complexity | Medium |
| Authentication | None |
| Confidentiality Impact | None |
| Integrity Impact | None |
| Availability Impact | Complete |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Red Hat Security Errata
| Platform | Errata | Release Date |
|---|---|---|
| Red Hat Enterprise Linux 6 (kernel) | RHSA-2011:0007 | 2011-01-11 |
Acknowledgements
Red Hat would like to thank Tavis Ormandy for reporting this issue.CVE description copyright © 2017, The MITRE Corporation