QwikSec

Security Database

CVE

CWE

Training

CVE-2014-9904

Published: Jun 27, 2016

Modified: Aug 6, 2024

PUBLISHED

Description

The snd_compress_check_input function in sound/core/compress_offload.c in the ALSA subsystem in the Linux kernel before 3.17 does not properly check for an integer overflow, which allows local users to cause a denial of service (insufficient memory allocation) or possibly have unspecified other impact via a crafted SNDRV_COMPRESS_SET_PARAMS ioctl call.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

openSUSE-SU-2016:2184

vendor-advisory

x_refsource_SUSE

vdb-entry

x_refsource_SECTRACK

vdb-entry

x_refsource_BID

vendor-advisory

x_refsource_DEBIAN

https://github.com/torvalds/linux/commit/6217e5ede23285ddfee10d2e4ba0cc2d4c046205

x_refsource_CONFIRM

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6217e5ede23285ddfee10d2e4ba0cc2d4c046205

x_refsource_CONFIRM

SUSE-SU-2016:2105

vendor-advisory

x_refsource_SUSE

SUSE-SU-2016:1937

vendor-advisory

x_refsource_SUSE

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.