exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 10 of 10 RSS Feed

CVE-2014-4652

Status Candidate

Overview

Race condition in the tlv handler functionality in the snd_ctl_elem_user_tlv function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 allows local users to obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX access.

Related Files

Red Hat Security Advisory 2015-1272-01
Posted Jul 22, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1272-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way Linux kernel's Transparent Huge Pages implementation handled non-huge page migration. A local, unprivileged user could use this flaw to crash the kernel by migrating transparent hugepages. A buffer overflow flaw was found in the way the Linux kernel's eCryptfs implementation decoded encrypted file names. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system.

tags | advisory, overflow, kernel, local
systems | linux, redhat
advisories | CVE-2014-3184, CVE-2014-3940, CVE-2014-4652, CVE-2014-8133, CVE-2014-8709, CVE-2014-9683, CVE-2015-0239, CVE-2015-3339
SHA-256 | a0958131e790da4a4a3c2464e5f81a5e71381222d235d37ba86f8fab68e73822
Red Hat Security Advisory 2014-1971-01
Posted Dec 9, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1971-01 - A flaw was found in the way the Linux kernel's SCTP implementation handled malformed or duplicate Address Configuration Change Chunks. A remote attacker could use either of these flaws to crash the system. A flaw was found in the way the Linux kernel's SCTP implementation handled the association's output queue. A remote attacker could send specially crafted packets that would cause the system to use an excessive amount of memory, leading to a denial of service.

tags | advisory, remote, denial of service, kernel
systems | linux, redhat
advisories | CVE-2013-2929, CVE-2014-1739, CVE-2014-3181, CVE-2014-3182, CVE-2014-3184, CVE-2014-3185, CVE-2014-3186, CVE-2014-3631, CVE-2014-3673, CVE-2014-3687, CVE-2014-3688, CVE-2014-4027, CVE-2014-4652, CVE-2014-4654, CVE-2014-4655, CVE-2014-4656, CVE-2014-5045, CVE-2014-6410
SHA-256 | 259b2a7a6414f480013fd35c56afb4dd38c3314536fa54e70f0ac1b44239b896
Ubuntu Security Notice USN-2337-1
Posted Sep 2, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2337-1 - A flaw was discovered in the Linux kernel virtual machine's (kvm) validation of interrupt requests (irq). A guest OS user could exploit this flaw to cause a denial of service (host OS crash). Andy Lutomirski discovered a flaw in the authorization of netlink socket operations when a socket is passed to a process of more privilege. A local user could exploit this flaw to bypass access restrictions by having a privileged executable do something it was not intended to do. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-0155, CVE-2014-0181, CVE-2014-0206, CVE-2014-4014, CVE-2014-4027, CVE-2014-4171, CVE-2014-4508, CVE-2014-4652, CVE-2014-4653, CVE-2014-4654, CVE-2014-4655, CVE-2014-4656, CVE-2014-4667, CVE-2014-5045
SHA-256 | 5ea5d0d4314836f6fa6b24d0a0cb4c1a706d5ad137e84b32d12c47f0bb15b899
Ubuntu Security Notice USN-2336-1
Posted Sep 2, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2336-1 - A flaw was discovered in the Linux kernel virtual machine's (kvm) validation of interrupt requests (irq). A guest OS user could exploit this flaw to cause a denial of service (host OS crash). Andy Lutomirski discovered a flaw in the authorization of netlink socket operations when a socket is passed to a process of more privilege. A local user could exploit this flaw to bypass access restrictions by having a privileged executable do something it was not intended to do. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-0155, CVE-2014-0181, CVE-2014-0206, CVE-2014-4014, CVE-2014-4027, CVE-2014-4171, CVE-2014-4508, CVE-2014-4652, CVE-2014-4653, CVE-2014-4654, CVE-2014-4655, CVE-2014-4656, CVE-2014-4667, CVE-2014-5045
SHA-256 | dc7e46f4955a3c32910dc04c40a47f9d4510df5db2814339aa3608859251c2df
Ubuntu Security Notice USN-2335-1
Posted Sep 2, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2335-1 - An flaw was discovered in the Linux kernel's audit subsystem when auditing certain syscalls. A local attacker could exploit this flaw to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS). An information leak was discovered in the rd_mcp backend of the iSCSI target subsystem in the Linux kernel. A local user could exploit this flaw to obtain sensitive information from ramdisk_mcp memory by leveraging access to a SCSI initiator. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-3917, CVE-2014-4027, CVE-2014-4171, CVE-2014-4652, CVE-2014-4653, CVE-2014-4654, CVE-2014-4655, CVE-2014-4656, CVE-2014-4667, CVE-2014-5077
SHA-256 | 1f6469115ae1e9bf66756c1ba511a70b860e32a6a371a0d0f97c5240fda89fc0
Ubuntu Security Notice USN-2334-1
Posted Sep 2, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2334-1 - An flaw was discovered in the Linux kernel's audit subsystem when auditing certain syscalls. A local attacker could exploit this flaw to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS). An information leak was discovered in the rd_mcp backend of the iSCSI target subsystem in the Linux kernel. A local user could exploit this flaw to obtain sensitive information from ramdisk_mcp memory by leveraging access to a SCSI initiator. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-3917, CVE-2014-4027, CVE-2014-4171, CVE-2014-4508, CVE-2014-4652, CVE-2014-4653, CVE-2014-4654, CVE-2014-4655, CVE-2014-4656, CVE-2014-4667, CVE-2014-5077
SHA-256 | 320de95f33b6f9a2559cca5cb221b03f3c70a08b3d9447fe4ab94e546233d565
Ubuntu Security Notice USN-2333-1
Posted Sep 2, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2333-1 - A bug was discovered in the handling of pathname components when used with an autofs direct mount. A local user could exploit this flaw to cause a denial of service (system crash) via an open system call. Toralf reported an error in the Linux kernels syscall auditing on 32 bit x86 platforms. A local user could exploit this flaw to cause a denial of service (OOPS and system crash). An information leak was discovered in the control implementation of the Advanced Linux Sound Architecture (ALSA) subsystem in the Linux kernel. A local user could exploit this flaw to obtain sensitive information from kernel memory. Various other issues were also addressed.

tags | advisory, denial of service, x86, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-0203, CVE-2014-4508, CVE-2014-4652, CVE-2014-4653, CVE-2014-4654, CVE-2014-4655, CVE-2014-4656, CVE-2014-4667, CVE-2014-5077
SHA-256 | 937ac3be9b799434ac81bf071aed2f115c6f145b2044ee77c51f45a088575c99
Ubuntu Security Notice USN-2332-1
Posted Sep 2, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2332-1 - A bug was discovered in the handling of pathname components when used with an autofs direct mount. A local user could exploit this flaw to cause a denial of service (system crash) via an open system call. Toralf reported an error in the Linux kernels syscall auditing on 32 bit x86 platforms. A local user could exploit this flaw to cause a denial of service (OOPS and system crash). An information leak was discovered in the control implementation of the Advanced Linux Sound Architecture (ALSA) subsystem in the Linux kernel. A local user could exploit this flaw to obtain sensitive information from kernel memory. Various other issues were also addressed.

tags | advisory, denial of service, x86, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-0203, CVE-2014-4508, CVE-2014-4652, CVE-2014-4653, CVE-2014-4654, CVE-2014-4655, CVE-2014-4656, CVE-2014-4667, CVE-2014-5077
SHA-256 | d9919ad7ce17798e27ac5fdcd220af2dd382306a3e0b6db94d1b04fc95bac660
Red Hat Security Advisory 2014-1083-01
Posted Aug 20, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1083-01 - The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. A NULL pointer dereference flaw was found in the way the Linux kernel's Stream Control Transmission Protocol implementation handled simultaneous connections between the same hosts. A remote attacker could use this flaw to crash the system. Multiple use-after-free flaws and an integer overflow flaw were found in the way the Linux kernel's Advanced Linux Sound Architecture implementation handled user controls. A local, privileged user could use either of these flaws to crash the system.

tags | advisory, remote, overflow, kernel, local, protocol
systems | linux, redhat
advisories | CVE-2014-4652, CVE-2014-4653, CVE-2014-4654, CVE-2014-4655, CVE-2014-4656, CVE-2014-5077
SHA-256 | 25199bf469feb34a9e53eaf2a67aadf4f5d1928513f4233128fae0cbe57edc83
Mandriva Linux Security Advisory 2014-155
Posted Aug 8, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-155 - Multiple vulnerabilities have been found and corrected in the Linux kernel. The updated packages provides a solution for these security issues.

tags | advisory, kernel, vulnerability
systems | linux, mandriva
advisories | CVE-2013-4514, CVE-2014-0131, CVE-2014-4027, CVE-2014-4608, CVE-2014-4652, CVE-2014-4653, CVE-2014-4654, CVE-2014-4655, CVE-2014-4656, CVE-2014-4667, CVE-2014-4699, CVE-2014-4943
SHA-256 | 6933b6a5b4497c29f0f7974ac259e33c762ddd57109d3af0dfff4e246b46004c
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close