CVE-2014-4656

CVSS v2.0 4.6 (Medium)

EPSS 0.04 % (11^th)

Affected Products 9

Advisories 19

Multiple integer overflows in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 allow local users to cause a denial of service by leveraging /dev/snd/controlCX access, related to (1) index values in the snd_ctl_add function and (2) numid values in the snd_ctl_remove_numid_conflict function.

Weaknesses

CWE-190: Integer Overflow or Wraparound

CVE Status: PUBLISHED
CNA: MITRE
Published Date: 2014-07-03 04:22:15
(10 years ago)
Updated Date: 2023-11-07 02:20:37
(10 months ago)

Affected Products

Canonical

Ubuntu Linux

Linux

Linux Kernel

Redhat

Suse

Linux Enterprise Server

Configuration #1

		CPE23	From	Up To
	Linux Kernel prior 3.15.2 version	cpe:2.3:o:linux:linux_kernel		< 3.15.2

Configuration #2

		CPE23	From	Up To
	Suse Linux Enterprise Server 10 SP4	cpe:2.3:o:suse:linux_enterprise_server:10:sp4:::ltss

Configuration #3

		CPE23	From	Up To
	Canonical Ubuntu Linux 12.04	cpe:2.3:o:canonical:ubuntu_linux:12.04:::*:esm

Configuration #4

		CPE23	From	Up To
	Redhat Enterprise Linux Desktop 6.0	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0
	Redhat Enterprise Linux Eus 6.6	cpe:2.3:o:redhat:enterprise_linux_eus:6.6
	Redhat Enterprise Linux Server 6.0	cpe:2.3:o:redhat:enterprise_linux_server:6.0
	Redhat Enterprise Linux Server Aus 6.6	cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6
	Redhat Enterprise Linux Server Tus 6.6	cpe:2.3:o:redhat:enterprise_linux_server_tus:6.6
	Redhat Enterprise Linux Workstation 6.0	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0