UBUNTU-CVE-2014-9904

Details

The snd_compress_check_input function in sound/core/compress_offload.c in the ALSA subsystem in the Linux kernel before 3.17 does not properly check for an integer overflow, which allows local users to cause a denial of service (insufficient memory allocation) or possibly have unspecified other impact via a crafted SNDRV_COMPRESS_SET_PARAMS ioctl call.

Affected Packages

Ubuntu:14.04:LTSlinux

Affected versions:

3.11.0-12.193.12.0-1.33.12.0-2.53.12.0-2.73.12.0-3.83.12.0-3.93.12.0-4.103.12.0-4.123.12.0-5.133.12.0-7.15+89 more

Fixed in:

3.13.0-101.148

Ubuntu:16.04:LTSlinux

Fixed in:

4.2.0-16.19

Ubuntu:14.04:LTSlinux-aws

Fixed in:

4.4.0-1002.2

Ubuntu:16.04:LTSlinux-aws

Fixed in:

4.4.0-1001.10

Ubuntu:16.04:LTSlinux-gke

Fixed in:

4.4.0-1003.3

Ubuntu:16.04:LTSlinux-hwe

Fixed in:

4.8.0-36.36~16.04.1

Ubuntu:14.04:LTSlinux-lts-vivid

Fixed in:

3.19.0-18.18~14.04.1

Ubuntu:14.04:LTSlinux-lts-wily

Fixed in:

4.2.0-18.22~14.04.1

Ubuntu:14.04:LTSlinux-lts-xenial

Fixed in:

4.4.0-13.29~14.04.1

Ubuntu:16.04:LTSlinux-raspi2

Fixed in:

4.2.0-1013.19

Ubuntu:16.04:LTSlinux-snapdragon

Fixed in:

4.4.0-1012.12

References

REPORThttp://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6217e5ede23285ddfee10d2e4ba0cc2d4c046205 REPORThttps://github.com/torvalds/linux/commit/6217e5ede23285ddfee10d2e4ba0cc2d4c046205 REPORThttps://ubuntu.com/security/CVE-2014-9904 REPORThttps://ubuntu.com/security/notices/USN-3127-1 REPORThttps://ubuntu.com/security/notices/USN-3127-2 REPORThttps://www.cve.org/CVERecord?id=CVE-2014-9904

UBUNTU-CVE-2014-9904

Details

Affected Packages

References

CVSS Analysis

Related

Ecosystems

Timeline