Vulnerability CVE-2014-4652: Information

Description

Race condition in the tlv handler functionality in the snd_ctl_elem_user_tlv function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 allows local users to obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX access.

Severity: LOW (1.9)

URL: https://nvd.nist.gov/vuln/detail/CVE-2014-4652
Published: July 3, 2014
Modified: Nov. 7, 2023
Error type identifier: CWE-362

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
kernel-image-std-defsisyphus3.18.21-alt16.1.89-alt1ALT-PU-2015-1794-1149359Fixed
kernel-image-std-defp103.18.21-alt15.10.213-alt1ALT-PU-2015-1794-1149359Fixed
kernel-image-std-defp93.18.21-alt15.4.274-alt1ALT-PU-2015-1794-1149359Fixed
kernel-image-std-defc9f23.18.21-alt15.10.214-alt0.c9f.2ALT-PU-2015-1794-1149359Fixed
kernel-image-std-defc74.4.93-alt0.M70C.14.4.277-alt0.M70C.1ALT-PU-2017-2509-1191210Fixed
kernel-image-un-defsisyphus3.15.2-alt16.6.29-alt1ALT-PU-2014-1847-1122470Fixed
kernel-image-un-defp103.15.2-alt16.1.85-alt1ALT-PU-2014-1847-1122470Fixed
kernel-image-un-defp93.15.2-alt15.10.215-alt1ALT-PU-2014-1847-1122470Fixed
kernel-image-un-defc10f13.15.2-alt16.1.85-alt0.c10f.1ALT-PU-2014-1847-1122470Fixed
kernel-image-un-defc9f23.15.2-alt15.10.29-alt2ALT-PU-2014-1847-1122470Fixed
kernel-image-un-defc73.15.2-alt14.9.277-alt0.M70C.1ALT-PU-2014-1849-1122501Fixed
usbipsisyphus5.10-alt15.10-alt1ALT-PU-2023-1798-1320453Fixed
usbipsisyphus_e2k5.10-alt15.10-alt1ALT-PU-2023-7452-1-Fixed
usbipp105.10-alt15.10-alt1ALT-PU-2023-1903-1320461Fixed
usbipp10_e2k5.10-alt15.10-alt1ALT-PU-2023-7498-1-Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.2
  • Release Notes
  • Vendor Advisory
[oss-security] 20140626 Re: CVE Request: Linux kernel ALSA core control API vulnerabilities
  • Mailing List
  • Third Party Advisory
https://github.com/torvalds/linux/commit/07f4d9d74a04aa7c72c5dae0ef97565f28f17b92
  • Patch
  • Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1113406
  • Issue Tracking
  • Third Party Advisory
59434
  • Third Party Advisory
59777
  • Third Party Advisory
60564
  • Third Party Advisory
RHSA-2014:1083
  • Third Party Advisory
USN-2334-1
  • Third Party Advisory
USN-2335-1
  • Third Party Advisory
SUSE-SU-2015:0812
  • Mailing List
  • Third Party Advisory
RHSA-2015:1272
  • Third Party Advisory
60545
  • Third Party Advisory
linux-kernel-cve20144652-info-disc(94412)
  • Third Party Advisory
  • VDB Entry
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=07f4d9d74a04aa7c72c5dae0ef97565f28f17b92

      1. Configuration 1

        cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
        End excliding
        3.15.2

        Configuration 2

        cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:ltss:*:*:*

        Configuration 3

        cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*

        Configuration 4

        cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
        cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
        cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
    VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
    Version: v24.4.2
    Back to top