K30905674 : Linux kernel vulnerability CVE-2014-9904

2016-07-1500:00:00

my.f5.com

7.5 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

16.0%

JSON

Security Advisory Description

The snd_compress_check_input function in sound/core/compress_offload.c in the ALSA subsystem in the Linux kernel before 3.17 does not properly check for an integer overflow, which allows local users to cause a denial of service (insufficient memory allocation) or possibly have unspecified other impact via a crafted SNDRV_COMPRESS_SET_PARAMS ioctl call.(CVE-2014-9904)
Impact
There is no impact; F5 products are not affected by this vulnerability.

CPENameOperatorVersion
big-ip afmeq11.4.0
big-ip afmeq11.4.1
big-ip afmeq11.5.0
big-ip afmeq11.5.1
big-ip afmeq11.5.2
big-ip afmeq11.5.3
big-ip afmeq11.5.4
big-ip afmeq11.6.0
big-ip afmeq11.6.1
big-ip afmeq12.0.0

Name	Operator	Version
big-ip afm	eq	11.4.0
big-ip afm	eq	11.4.1
big-ip afm	eq	11.5.0
big-ip afm	eq	11.5.1
big-ip afm	eq	11.5.2
big-ip afm	eq	11.5.3
big-ip afm	eq	11.5.4
big-ip afm	eq	11.6.0
big-ip afm	eq	11.6.1
big-ip afm	eq	12.0.0