Lucene search

K
ubuntucveUbuntu.comUB:CVE-2014-4652
HistoryJul 03, 2014 - 12:00 a.m.

CVE-2014-4652

2014-07-0300:00:00
ubuntu.com
ubuntu.com
30
cve-2014-4652
linux kernel
alsa control
race condition
sensitive information
access control

CVSS2

1.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

EPSS

0

Percentile

10.1%

Race condition in the tlv handler functionality in the
snd_ctl_elem_user_tlv function in sound/core/control.c in the ALSA control
implementation in the Linux kernel before 3.15.2 allows local users to
obtain sensitive information from kernel memory by leveraging
/dev/snd/controlCX access.

Bugs

Notes

Author Note
jdstrand android kernels (goldfish, grouper, maguro, mako and manta) are not supported on the Ubuntu Touch 13.10 preview kernels android kernels (flo, goldfish, grouper, maguro, mako and manta) are not supported on the Ubuntu Touch 14.04 preview kernels linux-lts-saucy no longer receives official support linux-lts-quantal no longer receives official support
OSVersionArchitecturePackageVersionFilename
ubuntu10.04noarchlinux< 2.6.32-65.131UNKNOWN
ubuntu12.04noarchlinux< 3.2.0-68.102UNKNOWN
ubuntu14.04noarchlinux< 3.13.0-35.62UNKNOWN
ubuntu12.04noarchlinux-armadaxp< 3.2.0-1637.54UNKNOWN
ubuntu10.04noarchlinux-ec2< 2.6.32-369.85UNKNOWN
ubuntu12.04noarchlinux-lts-trusty< 3.13.0-35.62~precise1UNKNOWN
ubuntu12.04noarchlinux-ti-omap4< 3.2.0-1452.72UNKNOWN

CVSS2

1.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

EPSS

0

Percentile

10.1%