Bug 50279 - (CVE-2004-0178) VUL-0: CVE-2004-0178: kernel: SoundBlaster code can be used to trigger local DoS
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Version: unspecified
Hardware: All Linux
Priority: P3 - Medium, Severity: Normal
Assigned To: Thomas Biege
QA Contact: Security Team bot
Reported: 2004-03-03 16:53 UTC by Thomas Biege
Modified: 2021-09-26 10:53 UTC
Description Thomas Biege 2004-03-03 16:53:23 UTC
And another one... 
 
Date: Wed, 03 Mar 2004 00:47:24 +0000 
From: Alan Cox <alan@lxorguk.ukuu.org.uk> 
To: vendor-sec@lst.de 
Subject: [vendor-sec] [Fwd: Kernel 2.4.25 : Bug in Sound Blaster code, DoS very easily done. (fwd)]
 
Forwarding unreviewed. 
 
-----Forwarded Message----- 
> From: Marcelo Tosatti <marcelo.tosatti@cyclades.com> 
> To: akpm@osdl.org 
> Cc: alan@lxorguk.ukuu.org.uk 
> Subject: Kernel 2.4.25 : Bug in Sound Blaster code, DoS very easily done. (fwd)
> Date: Tue, 02 Mar 2004 17:47:50 -0300 
> 
> 
> FYI 
> 
> ---------- Forwarded message ---------- 
> Date: Tue, 2 Mar 2004 00:33:18 +0100 
> From: Andreas Kies <andikies@t-online.de> 
> To: marcelo.tosatti@cyclades.com 
> Subject: Kernel 2.4.25 : Bug in Sound Blaster code, DoS very easily done. 
> 
> Hi Marcelo, 
> 
> The old OSS code contains a dangerous bug in the Sound Blaster 16 code part. 
> It is possible for every user that has access to the sound system to crash 
> the machine. 
> The reason for this is improperly handled 16 bit sample size. If you use an 
> odd number of bytes in 16 bit mode your machine will lock up. 
> The lockup is caused by the fact that only an even number of bytes are 
> processed, so the last byte is processed in an endless loop. 
> 
> Here is a patch that will fix the problem : 
> 
> --- drivers/sound/sb_audio.c.old     Wed Mar  6 18:23:49 2002 
> +++ drivers/sound/sb_audio.c Sun Feb 29 16:28:18 2004 
> @@ -879,7 +879,7 @@ 
>      c -= locallen; p += locallen; 
>      } 
>      /* used = ( samples * 16 bits size ) */ 
> -    *used = len << 1; 
> +    *used =  max_in  > ( max_out << 1) ? (max_out << 1) : max_in; 
>      /* returned = ( samples * 8 bits size ) */ 
>      *returned = len; 
>      } 
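Review bot: the comment left above the changed assignment, `/* used = ( samples * 16 bits size ) */`, no longer matches the code. `*used` is now the smaller of `max_in` and `max_out << 1`, so for an odd `max_in` it is odd and differs from `len << 1`, while `*returned = len` is unchanged. Please update the comment to say that a trailing odd byte is deliberately reported as consumed even though, per the report, only an even number of bytes is processed; otherwise a later cleanup may restore `len << 1`. Style: remove the doubled spaces around `max_in` and consider a min-style helper in place of the open-coded ternary.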
> 
> Please include this simple but helpful fix in the next 2.4.26-pre version. 
> Could you please inform Andrew, because the same bug is in 2.6 ? 
> Please ask me if you have any problems with this change. 
> 
> Many thanks. 
> 
> Andreas
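The failure mode described in the forwarded report, as an added user-space model in C; it is not the kernel's code and not part of the original report. The names `xfer`, `sample_count`, `account_old`, `account_fixed` and `drain`, the sample-count formula, and the retrying caller are assumptions made for illustration; only the two `used` expressions come from the diff.

```c
#include <stdio.h>

/* Model of the 16-bit -> 8-bit byte accounting. All names are hypothetical;
 * the sample-count formula is an assumption, not shown in the report. */
struct xfer { int used; int returned; };  /* bytes consumed, bytes produced */

/* Whole 16-bit samples that fit both the input and the output limit. */
static int sample_count(int max_in, int max_out)
{
    int in_samples = max_in >> 1;   /* a trailing odd byte is not a sample */
    return in_samples > max_out ? max_out : in_samples;
}

/* Before the patch: used = len << 1, always even. */
static struct xfer account_old(int max_in, int max_out)
{
    int len = sample_count(max_in, max_out);
    struct xfer x = { len << 1, len };
    return x;
}

/* After the patch: expression taken from the '+' line of the diff. */
static struct xfer account_fixed(int max_in, int max_out)
{
    struct xfer x = { max_in > (max_out << 1) ? (max_out << 1) : max_in,
                      sample_count(max_in, max_out) };
    return x;
}

/* Constructed caller: offers the remaining bytes until all are consumed.
 * Returns the number of calls, or -1 if max_calls passes without finishing. */
static int drain(struct xfer (*account)(int, int), int total, int max_out,
                 int max_calls)
{
    int calls = 0;
    while (total > 0) {
        if (calls++ == max_calls)
            return -1;              /* no forward progress: the lockup case */
        total -= account(total, max_out).used;
    }
    return calls;
}

int main(void)
{
    printf("old,   5 bytes: %d\n", drain(account_old, 5, 4, 1000));
    printf("fixed, 5 bytes: %d\n", drain(account_fixed, 5, 4, 1000));
    return 0;
}
```

With an even byte count both variants finish in the same number of calls; only the odd remainder separates them.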
Comment 1 Thomas Biege 2004-03-03 16:53:23 UTC
Comment 2 Hubert Mantel 2004-03-04 00:47:55 UTC
Fixes are in, kernels are waiting for check in.
Comment 3 Thomas Biege 2004-03-09 20:32:50 UTC
CAN-2004-0178 
Comment 4 Thomas Biege 2004-03-12 20:25:59 UTC
Issue is PUBLIC. 
Comment 5 Thomas Biege 2004-03-24 00:56:20 UTC
packages released. 
Comment 6 Thomas Biege 2009-10-13 20:16:32 UTC
CVE-2004-0178: CVSS v2 Base Score: 2.1 (AV:L/AC:L/Au:N/C:N/I:N/A:P)