CVE-2014-4656

Опубликовано: 18 июн. 2014

Источник: redhat

CVSS2: 5

Описание

Multiple integer overflows in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 allow local users to cause a denial of service by leveraging /dev/snd/controlCX access, related to (1) index values in the snd_ctl_add function and (2) numid values in the snd_ctl_remove_numid_conflict function.

An integer overflow flaw was found in the way the Linux kernel's Advanced Linux Sound Architecture (ALSA) implementation handled user controls. A local, privileged user could use this flaw to crash the system.

Отчет

This issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 5 may address this issue.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 5	kernel	Affected
Red Hat Enterprise Linux 6	kernel	Fixed	RHSA-2015:0087	27.01.2015
Red Hat Enterprise Linux 7	kernel	Fixed	RHSA-2014:1971	09.12.2014
Red Hat Enterprise MRG 2	kernel-rt	Fixed	RHSA-2014:1083	20.08.2014

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-190

https://bugzilla.redhat.com/show_bug.cgi?id=1113470Kernel: ALSA: control: integer overflow in id.index & id.numid

5 Medium

CVSS2

Связанные уязвимости

CVE-2014-4656

ubuntu

почти 11 лет назад

CVE-2014-4656

nvd

почти 11 лет назад

CVE-2014-4656

debian

почти 11 лет назад

Multiple integer overflows in sound/core/control.c in the ALSA control ...

GHSA-8hjr-53g2-5g69

github

около 3 лет назад

ELSA-2015-0087

oracle-oval

больше 10 лет назад

ELSA-2015-0087: kernel security and bug fix update (IMPORTANT)

5 Medium

CVSS2