The do_change_type routine did not correctly validation administrative
users. A local attacker could exploit this to block mount points or cause
private mounts to be shared, leading to denial of service or a possible
loss of privacy. (CVE-2008-2931)
Tobias Klein discovered that the OSS interface through ALSA did not
correctly validate the device number. A local attacker could exploit this
to access sensitive kernel memory, leading to a denial of service or a loss
of privacy. (CVE-2008-3272)
Zoltan Sogor discovered that new directory entries could be added to
already deleted directories. A local attacker could exploit this, filling
up available memory and disk space, leading to a denial of service.
(CVE-2008-3275)
