CVE-2014-9904

Ubuntu Security Notice USN-3127-2

Severity Score

7.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The snd_compress_check_input function in sound/core/compress_offload.c in the ALSA subsystem in the Linux kernel before 3.17 does not properly check for an integer overflow, which allows local users to cause a denial of service (insufficient memory allocation) or possibly have unspecified other impact via a crafted SNDRV_COMPRESS_SET_PARAMS ioctl call.

La función snd_compress_check_input en sound/core/compress_offload.c en el subsistema ALSA en el kernel de Linux en versiones anteriores a 3.17 no comprueba correctamente un desbordamiento de enteros, lo que permite a usuarios locales provocar una denegación de servicio (insuficiente asignación de memoría) o posiblemente tener otros impactos no especificados a través de una llamada SNDRV_COMPRESS_SET_PARAMS ioctl manipulada.

It was discovered that the compression handling code in the Advanced Linux Sound Architecture subsystem in the Linux kernel did not properly check for an integer overflow. A local attacker could use this to cause a denial of service. Kirill A. Shutemov discovered that memory manager in the Linux kernel did not properly handle anonymous pages. A local attacker could use this to cause a denial of service or possibly gain administrative privileges. Various other issues were also addressed.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2016-06-24 CVE Reserved
2016-06-27 CVE Published
2024-08-06 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (8)

URL	Tag	Source
http://www.securityfocus.com/bid/91510	Third Party Advisory
http://www.securitytracker.com/id/1036189	Third Party Advisory

URL	Date	SRC

URL	Date	SRC
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6217e5ede23285ddfee10d2e4ba0cc2d4c046205	2023-01-17
https://github.com/torvalds/linux/commit/6217e5ede23285ddfee10d2e4ba0cc2d4c046205	2023-01-17

URL	Date	SRC
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html	2023-01-17
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html	2023-01-17
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html	2023-01-17
http://www.debian.org/security/2016/dsa-3616	2023-01-17

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.7 < 3.12.62 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.7 < 3.12.62"		-		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.13 < 3.16.37 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.13 < 3.16.37"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0"		-		Affected
Novell Search vendor "Novell"		Suse Linux Enterprise Real Time Extension Search vendor "Novell" for product "Suse Linux Enterprise Real Time Extension"				12 Search vendor "Novell" for product "Suse Linux Enterprise Real Time Extension" and version "12"		sp1		Affected