CVE-2014-9904
Published: 27 June 2016
The snd_compress_check_input function in sound/core/compress_offload.c in the ALSA subsystem in the Linux kernel before 3.17 does not properly check for an integer overflow, which allows local users to cause a denial of service (insufficient memory allocation) or possibly have unspecified other impact via a crafted SNDRV_COMPRESS_SET_PARAMS ioctl call.
From the Ubuntu security team
It was discovered that the compression handling code in the Advanced Linux Sound Architecture (ALSA) subsystem in the Linux kernel did not properly check for an integer overflow. A local attacker could use this to cause a denial of service (system crash).
Priority
Medium
CVSS 3 base score: 7.8
Status
| Package | Release | Status |
|---|---|---|
|
linux Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.17~rc1)
|
|
Patches: Introduced by b35cc8225845112a616e3a2266d2fde5ab13d3ab Fixed by 6217e5ede23285ddfee10d2e4ba0cc2d4c046205 |
||
|
linux-armadaxp Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.17~rc1)
|
| This package is not directly supported by the Ubuntu Security Team | ||
|
linux-aws Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.17~rc1)
|
|
linux-flo Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.17~rc1)
|
|
linux-gke Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.17~rc1)
|
|
linux-goldfish Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.17~rc1)
|
|
linux-grouper Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.17~rc1)
|
|
linux-hwe Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.17~rc1)
|
|
linux-hwe-edge Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.17~rc1)
|
|
linux-linaro-omap Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.17~rc1)
|
|
linux-linaro-shared Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.17~rc1)
|
|
linux-linaro-vexpress Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.17~rc1)
|
|
linux-lts-quantal Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.17~rc1)
|
| This package is not directly supported by the Ubuntu Security Team | ||
|
linux-lts-raring Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.17~rc1)
|
|
linux-lts-saucy Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.17~rc1)
|
| This package is not directly supported by the Ubuntu Security Team | ||
|
linux-lts-trusty Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.17~rc1)
|
|
linux-lts-utopic Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.17~rc1)
|
|
linux-lts-vivid Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.17~rc1)
|
|
linux-lts-wily Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.17~rc1)
|
|
linux-lts-xenial Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.17~rc1)
|
|
linux-maguro Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.17~rc1)
|
|
linux-mako Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.17~rc1)
|
|
linux-manta Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.17~rc1)
|
|
linux-qcm-msm Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.17~rc1)
|
|
linux-raspi2 Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.17~rc1)
|
|
linux-snapdragon Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.17~rc1)
|
|
linux-ti-omap4 Launchpad, Ubuntu, Debian |
Upstream |
Released
(3.17~rc1)
|
Notes
| Author | Note |
|---|---|
| jdstrand | android kernels (flo, goldfish, grouper, maguro, mako and manta) are not supported on the Ubuntu Touch 14.10 and earlier preview kernels linux-lts-saucy no longer receives official support linux-lts-quantal no longer receives official support |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9904
- https://github.com/torvalds/linux/commit/6217e5ede23285ddfee10d2e4ba0cc2d4c046205
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6217e5ede23285ddfee10d2e4ba0cc2d4c046205
- https://ubuntu.com/security/notices/USN-3127-1
- https://ubuntu.com/security/notices/USN-3127-2
- NVD
- Launchpad
- Debian