4.6 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
0.0004 Low
EPSS
Percentile
9.3%
Multiple integer overflows in sound/core/control.c in the ALSA control
implementation in the Linux kernel before 3.15.2 allow local users to cause
a denial of service by leveraging /dev/snd/controlCX access, related to (1)
index values in the snd_ctl_add function and (2) numid values in the
snd_ctl_remove_numid_conflict function.
Author | Note |
---|---|
jdstrand | android kernels (goldfish, grouper, maguro, mako and manta) are not supported on the Ubuntu Touch 13.10 preview kernels android kernels (flo, goldfish, grouper, maguro, mako and manta) are not supported on the Ubuntu Touch 14.04 preview kernels linux-lts-saucy no longer receives official support linux-lts-quantal no longer receives official support |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 10.04 | noarch | linux | <Β 2.6.32-65.131 | UNKNOWN |
ubuntu | 12.04 | noarch | linux | <Β 3.2.0-68.102 | UNKNOWN |
ubuntu | 14.04 | noarch | linux | <Β 3.13.0-35.62 | UNKNOWN |
ubuntu | 12.04 | noarch | linux-armadaxp | <Β 3.2.0-1637.54 | UNKNOWN |
ubuntu | 10.04 | noarch | linux-ec2 | <Β 2.6.32-369.85 | UNKNOWN |
ubuntu | 12.04 | noarch | linux-lts-trusty | <Β 3.13.0-35.62~precise1 | UNKNOWN |
ubuntu | 12.04 | noarch | linux-ti-omap4 | <Β 3.2.0-1452.72 | UNKNOWN |
git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=883a1d49f0d77d30012f114b2e19fc141beb3e8e
git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ac902c112d90a89e59916f751c2745f4dbdbb4bd
www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.2
www.openwall.com/lists/oss-security/2014/06/26/6
bugzilla.redhat.com/show_bug.cgi?id=1113470
github.com/torvalds/linux/commit/883a1d49f0d77d30012f114b2e19fc141beb3e8e
github.com/torvalds/linux/commit/ac902c112d90a89e59916f751c2745f4dbdbb4bd
launchpad.net/bugs/cve/CVE-2014-4656
nvd.nist.gov/vuln/detail/CVE-2014-4656
security-tracker.debian.org/tracker/CVE-2014-4656
ubuntu.com/security/notices/USN-2332-1
ubuntu.com/security/notices/USN-2333-1
ubuntu.com/security/notices/USN-2334-1
ubuntu.com/security/notices/USN-2335-1
ubuntu.com/security/notices/USN-2336-1
ubuntu.com/security/notices/USN-2337-1
www.cve.org/CVERecord?id=CVE-2014-4656