CVSS2

Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |

AV:L/AC:L/Au:N/C:P/I:P/A:P

EPSS Percentile: 10.1%

sound/core/control.c in the ALSA control implementation in the Linux kernel
before 3.15.2 does not ensure possession of a read/write lock, which allows
local users to cause a denial of service (use-after-free) and obtain
sensitive information from kernel memory by leveraging /dev/snd/controlCX
access.
Author | Note |
---|---|
jdstrand | android kernels (goldfish, grouper, maguro, mako and manta) are not supported on the Ubuntu Touch 13.10 preview kernels |
jdstrand | android kernels (flo, goldfish, grouper, maguro, mako and manta) are not supported on the Ubuntu Touch 14.04 preview kernels |
jdstrand | linux-lts-saucy no longer receives official support |
jdstrand | linux-lts-quantal no longer receives official support |
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 10.04 | noarch | linux | < 2.6.32-65.131 | UNKNOWN |
ubuntu | 12.04 | noarch | linux | < 3.2.0-68.102 | UNKNOWN |
ubuntu | 14.04 | noarch | linux | < 3.13.0-35.62 | UNKNOWN |
ubuntu | 12.04 | noarch | linux-armadaxp | < 3.2.0-1637.54 | UNKNOWN |
ubuntu | 10.04 | noarch | linux-ec2 | < 2.6.32-369.85 | UNKNOWN |
ubuntu | 12.04 | noarch | linux-lts-trusty | < 3.13.0-35.62~precise1 | UNKNOWN |
ubuntu | 12.04 | noarch | linux-ti-omap4 | < 3.2.0-1452.72 | UNKNOWN |
git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=fd9f26e4eca5d08a27d12c0933fceef76ed9663d
www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.2
www.openwall.com/lists/oss-security/2014/06/26/6
bugzilla.redhat.com/show_bug.cgi?id=1113409
github.com/torvalds/linux/commit/fd9f26e4eca5d08a27d12c0933fceef76ed9663d
launchpad.net/bugs/cve/CVE-2014-4653
nvd.nist.gov/vuln/detail/CVE-2014-4653
security-tracker.debian.org/tracker/CVE-2014-4653
ubuntu.com/security/notices/USN-2332-1
ubuntu.com/security/notices/USN-2333-1
ubuntu.com/security/notices/USN-2334-1
ubuntu.com/security/notices/USN-2335-1
ubuntu.com/security/notices/USN-2336-1
ubuntu.com/security/notices/USN-2337-1
www.cve.org/CVERecord?id=CVE-2014-4653