Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2014-4655

Опубликовано: 03 июл. 2014
Источник: nvd
CVSS2: 4.9
EPSS Низкий

Описание

The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not properly maintain the user_ctl_count value, which allows local users to cause a denial of service (integer overflow and limit bypass) by leveraging /dev/snd/controlCX access for a large number of SNDRV_CTL_IOCTL_ELEM_REPLACE ioctl calls.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия до 3.15.2 (исключая)
Конфигурация 2
cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:ltss:*:*:*
Конфигурация 3
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*

EPSS

Процентиль: 10%
0.00038
Низкий

4.9 Medium

CVSS2

Дефекты

CWE-190

Связанные уязвимости

ubuntu логотип

CVE-2014-4655

ubuntu
около 11 лет назад

The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not properly maintain the user_ctl_count value, which allows local users to cause a denial of service (integer overflow and limit bypass) by leveraging /dev/snd/controlCX access for a large number of SNDRV_CTL_IOCTL_ELEM_REPLACE ioctl calls.

redhat логотип

CVE-2014-4655

redhat
около 11 лет назад

The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not properly maintain the user_ctl_count value, which allows local users to cause a denial of service (integer overflow and limit bypass) by leveraging /dev/snd/controlCX access for a large number of SNDRV_CTL_IOCTL_ELEM_REPLACE ioctl calls.

debian логотип

CVE-2014-4655

debian
около 11 лет назад

The snd_ctl_elem_add function in sound/core/control.c in the ALSA cont ...

github логотип

GHSA-2vv7-7crh-jr74

github
около 3 лет назад

The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not properly maintain the user_ctl_count value, which allows local users to cause a denial of service (integer overflow and limit bypass) by leveraging /dev/snd/controlCX access for a large number of SNDRV_CTL_IOCTL_ELEM_REPLACE ioctl calls.

oracle-oval логотип

ELSA-2014-3083

oracle-oval
почти 11 лет назад

ELSA-2014-3083: Unbreakable Enterprise kernel Security update (IMPORTANT)

EPSS

Процентиль: 10%
0.00038
Низкий

4.9 Medium

CVSS2

Дефекты

CWE-190