CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:N/A:N
EPSS
Percentile
10.1%
Race condition in the tlv handler functionality in the
snd_ctl_elem_user_tlv function in sound/core/control.c in the ALSA control
implementation in the Linux kernel before 3.15.2 allows local users to
obtain sensitive information from kernel memory by leveraging
/dev/snd/controlCX access.
Author | Note |
---|---|
jdstrand | android kernels (goldfish, grouper, maguro, mako and manta) are not supported on the Ubuntu Touch 13.10 preview kernels android kernels (flo, goldfish, grouper, maguro, mako and manta) are not supported on the Ubuntu Touch 14.04 preview kernels linux-lts-saucy no longer receives official support linux-lts-quantal no longer receives official support |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 10.04 | noarch | linux | < 2.6.32-65.131 | UNKNOWN |
ubuntu | 12.04 | noarch | linux | < 3.2.0-68.102 | UNKNOWN |
ubuntu | 14.04 | noarch | linux | < 3.13.0-35.62 | UNKNOWN |
ubuntu | 12.04 | noarch | linux-armadaxp | < 3.2.0-1637.54 | UNKNOWN |
ubuntu | 10.04 | noarch | linux-ec2 | < 2.6.32-369.85 | UNKNOWN |
ubuntu | 12.04 | noarch | linux-lts-trusty | < 3.13.0-35.62~precise1 | UNKNOWN |
ubuntu | 12.04 | noarch | linux-ti-omap4 | < 3.2.0-1452.72 | UNKNOWN |
git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=07f4d9d74a04aa7c72c5dae0ef97565f28f17b92
www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.2
www.openwall.com/lists/oss-security/2014/06/26/6
bugzilla.redhat.com/show_bug.cgi?id=1113406
github.com/torvalds/linux/commit/07f4d9d74a04aa7c72c5dae0ef97565f28f17b92
launchpad.net/bugs/cve/CVE-2014-4652
nvd.nist.gov/vuln/detail/CVE-2014-4652
security-tracker.debian.org/tracker/CVE-2014-4652
ubuntu.com/security/notices/USN-2332-1
ubuntu.com/security/notices/USN-2333-1
ubuntu.com/security/notices/USN-2334-1
ubuntu.com/security/notices/USN-2335-1
ubuntu.com/security/notices/USN-2336-1
ubuntu.com/security/notices/USN-2337-1
www.cve.org/CVERecord?id=CVE-2014-4652