4.6
CVSSv2

CVE-2014-4654

Published: 03/07/2014 Updated: 07/11/2023
CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9
VMScore: 410
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel prior to 3.15.2 does not check authorization for SNDRV_CTL_IOCTL_ELEM_REPLACE commands, which allows local users to remove kernel controls and cause a denial of service (use-after-free and system crash) by leveraging /dev/snd/controlCX access for an ioctl call.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

linux linux kernel

suse linux enterprise server 10

canonical ubuntu linux 12.04

Vendor Advisories

Debian Bug report logs - #751417 linux-image-320-4-5kc-malta: no SIGKILL after prctl(PR_SET_SECCOMP, 1, ) on MIPS (CVE-2014-4157) Package: src:linux; Maintainer for src:linux is Debian Kernel Team <debian-kernel@listsdebianorg>; Reported by: Plamen Alexandrov <plamen@aomedacom> Date: Thu, 12 Jun 2014 16:21:01 ...
Several security issues were fixed in the kernel ...
Several security issues were fixed in the kernel ...
Several security issues were fixed in the kernel ...
Several security issues were fixed in the kernel ...
Several security issues were fixed in the kernel ...
Several security issues were fixed in the kernel ...
A use-after-free flaw was found in the way the Linux kernel's Advanced Linux Sound Architecture (ALSA) implementation handled user controls A local, privileged user could use this flaw to crash the system ...