Vulnerability Details : CVE-2011-0712
Multiple buffer overflows in the caiaq Native Instruments USB audio functionality in the Linux kernel before 2.6.38-rc4-next-20110215 might allow attackers to cause a denial of service or possibly have unspecified other impact via a long USB device name, related to (1) the snd_usb_caiaq_audio_init function in sound/usb/caiaq/audio.c and (2) the snd_usb_caiaq_midi_init function in sound/usb/caiaq/midi.c.
Vulnerability category: OverflowDenial of service
Threat overview for CVE-2011-0712
Top countries where our scanners detected CVE-2011-0712
Top open port discovered on systems with this issue
49152
IPs affected by CVE-2011-0712 1,472
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2011-0712!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2011-0712
Probability of exploitation activity in the next 30 days: 0.08%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 32 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2011-0712
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
NIST |
CWE ids for CVE-2011-0712
-
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-0712
-
http://www.openwall.com/lists/oss-security/2011/02/16/5
oss-security - kernel: ALSA: caiaq - Fix possible string-buffer overflowMailing List;Patch;Third Party Advisory
-
https://bugzilla.redhat.com/show_bug.cgi?id=677881
677881 – (CVE-2011-0712) CVE-2011-0712 kernel: ALSA: caiaq - Fix possible string-buffer overflowIssue Tracking;Patch;Third Party Advisory
-
http://git.kernel.org/?p=linux/kernel/git/tiwai/sound-2.6.git%3Ba=commit%3Bh=eaae55dac6b64c0616046436b294e69fc5311581
-
http://www.ubuntu.com/usn/USN-1146-1
USN-1146-1: Linux kernel vulnerabilities | Ubuntu security noticesThird Party Advisory
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/65461
Linux Kernel USB device buffer overflow CVE-2011-0712 Vulnerability ReportThird Party Advisory;VDB Entry
-
http://www.openwall.com/lists/oss-security/2011/02/16/12
oss-security - Re: kernel: ALSA: caiaq - Fix possible string-buffer overflowMailing List;Patch;Third Party Advisory
-
http://www.openwall.com/lists/oss-security/2011/02/16/11
oss-security - Re: kernel: ALSA: caiaq - Fix possible string-buffer overflowMailing List;Patch;Third Party Advisory
-
http://www.kernel.org/pub/linux/kernel/v2.6/next/patch-v2.6.38-rc4-next-20110215.bz2
404: File not foundBroken Link
-
http://www.securityfocus.com/bid/46419
Linux Kernel Native Instruments USB Device Name String Buffer Overflow VulnerabilityThird Party Advisory;VDB Entry
Products affected by CVE-2011-0712
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.38:rc1:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.38:rc3:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.38:rc2:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.38:-:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*