1.9

CVE-2014-4652

Race condition in the tlv handler functionality in the snd_ctl_elem_user_tlv function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 allows local users to obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX access.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version < 3.15.2
SuseLinux Enterprise Server Version10 Updatesp4 SwEditionltss
CanonicalUbuntu Linux Version12.04 SwEditionesm
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.34% 0.251
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 1.9 3.4 2.9
AV:L/AC:M/Au:N/C:P/I:N/A:N
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html
Third Party Advisory
Mailing List
http://secunia.com/advisories/59777
Third Party Advisory
http://secunia.com/advisories/60564
Third Party Advisory
http://www.ubuntu.com/usn/USN-2334-1
Third Party Advisory
http://www.ubuntu.com/usn/USN-2335-1
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-1272.html
Third Party Advisory
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.2
Vendor Advisory
Release Notes
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=07f4d9d74a04aa7c72c5dae0ef97565f28f17b92
http://rhn.redhat.com/errata/RHSA-2014-1083.html
Third Party Advisory
http://secunia.com/advisories/59434
Third Party Advisory
http://secunia.com/advisories/60545
Third Party Advisory
http://www.openwall.com/lists/oss-security/2014/06/26/6
Third Party Advisory
Mailing List
https://bugzilla.redhat.com/show_bug.cgi?id=1113406
Third Party Advisory
Issue Tracking
https://exchange.xforce.ibmcloud.com/vulnerabilities/94412
Third Party Advisory
VDB Entry
https://github.com/torvalds/linux/commit/07f4d9d74a04aa7c72c5dae0ef97565f28f17b92
Patch
Third Party Advisory