CVE-2014-9904

Опубликовано: 27 июн. 2016

Источник: nvd

CVSS3: 7.8

CVSS2: 7.2

EPSS Низкий

Описание

The snd_compress_check_input function in sound/core/compress_offload.c in the ALSA subsystem in the Linux kernel before 3.17 does not properly check for an integer overflow, which allows local users to cause a denial of service (insufficient memory allocation) or possibly have unspecified other impact via a crafted SNDRV_COMPRESS_SET_PARAMS ioctl call.

Комментарий

CWE-190: Integer Overflow or Wraparound

Ссылки

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6217e5ede23285ddfee10d2e4ba0cc2d4c046205
Patch
Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html
Mailing List
Third Party Advisory
http://www.debian.org/security/2016/dsa-3616
Third Party Advisory
http://www.securityfocus.com/bid/91510
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1036189
Third Party Advisory
VDB Entry
https://github.com/torvalds/linux/commit/6217e5ede23285ddfee10d2e4ba0cc2d4c046205
Patch
Vendor Advisory
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6217e5ede23285ddfee10d2e4ba0cc2d4c046205
Patch
Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html
Mailing List
Third Party Advisory
http://www.debian.org/security/2016/dsa-3616
Third Party Advisory
http://www.securityfocus.com/bid/91510
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1036189
Third Party Advisory
VDB Entry
https://github.com/torvalds/linux/commit/6217e5ede23285ddfee10d2e4ba0cc2d4c046205
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 3.7 (включая) до 3.12.62 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 3.13 (включая) до 3.16.37 (исключая)

Конфигурация 2

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Конфигурация 3

cpe:2.3:o:novell:suse_linux_enterprise_real_time_extension:12:sp1:*:*:*:*:*:*

EPSS

Процентиль: 11%

0.00039

Низкий

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

CVE-2014-9904

CVSS3: 7.8

ubuntu

больше 9 лет назад

CVE-2014-9904

CVSS3: 5.5

redhat

больше 11 лет назад

CVE-2014-9904

CVSS3: 7.8

debian

больше 9 лет назад

The snd_compress_check_input function in sound/core/compress_offload.c ...

GHSA-94qv-77gg-mfm4

CVSS3: 7.8

github

больше 3 лет назад

SUSE-SU-2016:2105-1

suse-cvrf

больше 9 лет назад

Security update for the Linux Kernel

EPSS

Процентиль: 11%

0.00039

Низкий

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

NVD-CWE-Other