CVE-2014-4656

Published: Jul 3, 2014Modified: May 6, 2026

4.6

Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 3.9 / Impact: 6.4

Source: NVD

Description

Multiple integer overflows in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 allow local users to cause a denial of service by leveraging /dev/snd/controlCX access, related to (1) index values in the snd_ctl_add function and (2) numid values in the snd_ctl_remove_numid_conflict function.

Affected (9)

Products: Linux: Linux Kernel · Suse: Linux Enterprise Server · Canonical: Ubuntu Linux · +1 more

Show all products

Linux: Linux Kernel · Suse: Linux Enterprise Server · Canonical: Ubuntu Linux · Redhat: Enterprise Linux Desktop, Enterprise Linux Eus, Enterprise Linux Server, Enterprise Linux Server Aus, Enterprise Linux Server Tus, Enterprise Linux Workstation

1 product

1 product

Linux Enterprise Server

1 product

6 products

Enterprise Linux Desktop

Enterprise Linux Eus

Enterprise Linux Server

Enterprise Linux Server Aus

Enterprise Linux Server Tus

Enterprise Linux Workstation

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	Before 3.15.2

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Suse Linux Enterprise Server	Version 10 sp4

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 12.04

Configuration D

6 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux Desktop	Version 6.0
Redhat Enterprise Linux Eus	Version 6.6
Redhat Enterprise Linux Server	Version 6.0
Redhat Enterprise Linux Server Aus	Version 6.6
Redhat Enterprise Linux Server Tus	Version 6.6
Redhat Enterprise Linux Workstation	Version 6.0

Related CWEs

Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

References (36)

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=883a1d49f0d77d30012f114b2e19fc141beb3e8e

Source: cve@mitre.org

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ac902c112d90a89e59916f751c2745f4dbdbb4bd

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://rhn.redhat.com/errata/RHSA-2014-1083.html

Source: cve@mitre.org

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2015-0087.html

Source: cve@mitre.org

Third Party Advisory

http://secunia.com/advisories/59434

Source: cve@mitre.org

Third Party Advisory

http://secunia.com/advisories/59777

Source: cve@mitre.org

Third Party Advisory

http://secunia.com/advisories/60545

Source: cve@mitre.org

Third Party Advisory

http://secunia.com/advisories/60564

Source: cve@mitre.org

Third Party Advisory

http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.2

Source: cve@mitre.org

Release NotesVendor Advisory

http://www.openwall.com/lists/oss-security/2014/06/26/6

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://www.securitytracker.com/id/1038201

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://www.ubuntu.com/usn/USN-2334-1

Source: cve@mitre.org

Third Party Advisory

http://www.ubuntu.com/usn/USN-2335-1

Source: cve@mitre.org

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1113470

Source: cve@mitre.org

Issue TrackingThird Party Advisory

https://github.com/torvalds/linux/commit/883a1d49f0d77d30012f114b2e19fc141beb3e8e

Source: cve@mitre.org

PatchThird Party Advisory

https://github.com/torvalds/linux/commit/ac902c112d90a89e59916f751c2745f4dbdbb4bd

Source: cve@mitre.org

PatchThird Party Advisory

https://source.android.com/security/bulletin/2017-04-01

Source: cve@mitre.org

Third Party Advisory

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=883a1d49f0d77d30012f114b2e19fc141beb3e8e

Source: af854a3a-2127-422b-91ae-364da2661108

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ac902c112d90a89e59916f751c2745f4dbdbb4bd

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://rhn.redhat.com/errata/RHSA-2014-1083.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2015-0087.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://secunia.com/advisories/59434

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://secunia.com/advisories/59777

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://secunia.com/advisories/60545

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://secunia.com/advisories/60564

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.2

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

http://www.openwall.com/lists/oss-security/2014/06/26/6

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://www.securitytracker.com/id/1038201

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.ubuntu.com/usn/USN-2334-1

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.ubuntu.com/usn/USN-2335-1

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1113470

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

https://github.com/torvalds/linux/commit/883a1d49f0d77d30012f114b2e19fc141beb3e8e

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://github.com/torvalds/linux/commit/ac902c112d90a89e59916f751c2745f4dbdbb4bd

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://source.android.com/security/bulletin/2017-04-01

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.