CVE-2012-6703 : Integer overflow in the snd_compr_allocate_buffer function in sound/core/compress

Integer overflow in the snd_compr_allocate_buffer function in sound/core/compress_offload.c in the ALSA subsystem in the Linux kernel before 3.6-rc6-next-20120917 allows local users to cause a denial of service (insufficient memory allocation) or possibly have unspecified other impact via a crafted SNDRV_COMPRESS_SET_PARAMS ioctl call.

Published 2016-06-29 14:10:00

Updated 2023-01-17 21:45:40

Source SUSE

View at NVD, CVE.org

Vulnerability category: OverflowDenial of service

Exploit prediction scoring system (EPSS) score for CVE-2012-6703

Probability of exploitation activity in the next 30 days: 0.04%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2012-6703

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.2	HIGH	AV:L/AC:L/Au:N/C:C/I:C/A:C	3.9	10.0	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	1.8	5.9	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2012-6703

CWE-190 Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2012-6703

https://www.kernel.org/pub/linux/kernel/next/patch-v3.6-rc6-next-20120917.xz

Patch
https://github.com/torvalds/linux/commit/b35cc8225845112a616e3a2266d2fde5ab13d3ab

ALSA: compress_core: integer overflow in snd_compr_allocate_buffer() · torvalds/linux@b35cc82 · GitHub
Vendor Advisory
http://www.securityfocus.com/bid/91502

Linux Kernel CVE-2012-6703 Local Integer Overflow Vulnerability
Third Party Advisory;VDB Entry
http://www.openwall.com/lists/oss-security/2016/06/28/6

oss-security - Re: CVE Request: integer overflow in ALSA snd_compress_check_input
Mailing List
https://bugzilla.redhat.com/show_bug.cgi?id=1351076

1351076 – (CVE-2012-6703) CVE-2012-6703 kernel: Integer overflow in compress_core
Issue Tracking
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b35cc8225845112a616e3a2266d2fde5ab13d3ab

kernel/git/torvalds/linux.git - Linux kernel source tree
Vendor Advisory
http://www.securitytracker.com/id/1036190

Linux Kernel ALSA snd_compr_allocate_buffer() Lets Local Users Cause Denial of Service Conditions on the Target System - SecurityTracker
Third Party Advisory;VDB Entry

Products affected by CVE-2012-6703

Linux » Linux Kernel
Versions from including (>=) 3.3 and before (<) 3.7
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2012-6703

Exploit prediction scoring system (EPSS) score for CVE-2012-6703

CVSS scores for CVE-2012-6703

CWE ids for CVE-2012-6703

References for CVE-2012-6703

Products affected by CVE-2012-6703