exploit the possibilities
Showing 1 - 10 of 10 RSS Feed

CVE-2014-4655

Status Candidate

Overview

The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not properly maintain the user_ctl_count value, which allows local users to cause a denial of service (integer overflow and limit bypass) by leveraging /dev/snd/controlCX access for a large number of SNDRV_CTL_IOCTL_ELEM_REPLACE ioctl calls.

Related Files

Red Hat Security Advisory 2014-1971-01
Posted Dec 9, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1971-01 - A flaw was found in the way the Linux kernel's SCTP implementation handled malformed or duplicate Address Configuration Change Chunks. A remote attacker could use either of these flaws to crash the system. A flaw was found in the way the Linux kernel's SCTP implementation handled the association's output queue. A remote attacker could send specially crafted packets that would cause the system to use an excessive amount of memory, leading to a denial of service.

tags | advisory, remote, denial of service, kernel
systems | linux, redhat
advisories | CVE-2013-2929, CVE-2014-1739, CVE-2014-3181, CVE-2014-3182, CVE-2014-3184, CVE-2014-3185, CVE-2014-3186, CVE-2014-3631, CVE-2014-3673, CVE-2014-3687, CVE-2014-3688, CVE-2014-4027, CVE-2014-4652, CVE-2014-4654, CVE-2014-4655, CVE-2014-4656, CVE-2014-5045, CVE-2014-6410
MD5 | c13484ce6bd92254f94e1ce3bbe5be97
Red Hat Security Advisory 2014-1392-01
Posted Oct 14, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1392-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A NULL pointer dereference flaw was found in the way the Linux kernel's Stream Control Transmission Protocol implementation handled simultaneous connections between the same hosts. A remote attacker could use this flaw to crash the system. An integer overflow flaw was found in the way the Linux kernel's Frame Buffer device implementation mapped kernel memory to user space via the mmap syscall. A local user able to access a frame buffer device file could possibly use this flaw to escalate their privileges on the system.

tags | advisory, remote, overflow, kernel, local, protocol
systems | linux, redhat
advisories | CVE-2013-2596, CVE-2013-4483, CVE-2014-0181, CVE-2014-3122, CVE-2014-3601, CVE-2014-4608, CVE-2014-4653, CVE-2014-4654, CVE-2014-4655, CVE-2014-5045, CVE-2014-5077
MD5 | ce5c011782e060871393e1f94bb4027d
Ubuntu Security Notice USN-2337-1
Posted Sep 2, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2337-1 - A flaw was discovered in the Linux kernel virtual machine's (kvm) validation of interrupt requests (irq). A guest OS user could exploit this flaw to cause a denial of service (host OS crash). Andy Lutomirski discovered a flaw in the authorization of netlink socket operations when a socket is passed to a process of more privilege. A local user could exploit this flaw to bypass access restrictions by having a privileged executable do something it was not intended to do. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-0155, CVE-2014-0181, CVE-2014-0206, CVE-2014-4014, CVE-2014-4027, CVE-2014-4171, CVE-2014-4508, CVE-2014-4652, CVE-2014-4653, CVE-2014-4654, CVE-2014-4655, CVE-2014-4656, CVE-2014-4667, CVE-2014-5045
MD5 | dbbb6010fa4cf8b2782d2b03faa5058d
Ubuntu Security Notice USN-2336-1
Posted Sep 2, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2336-1 - A flaw was discovered in the Linux kernel virtual machine's (kvm) validation of interrupt requests (irq). A guest OS user could exploit this flaw to cause a denial of service (host OS crash). Andy Lutomirski discovered a flaw in the authorization of netlink socket operations when a socket is passed to a process of more privilege. A local user could exploit this flaw to bypass access restrictions by having a privileged executable do something it was not intended to do. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-0155, CVE-2014-0181, CVE-2014-0206, CVE-2014-4014, CVE-2014-4027, CVE-2014-4171, CVE-2014-4508, CVE-2014-4652, CVE-2014-4653, CVE-2014-4654, CVE-2014-4655, CVE-2014-4656, CVE-2014-4667, CVE-2014-5045
MD5 | 512ec312e05c43b36012905d6c16124b
Ubuntu Security Notice USN-2335-1
Posted Sep 2, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2335-1 - An flaw was discovered in the Linux kernel's audit subsystem when auditing certain syscalls. A local attacker could exploit this flaw to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS). An information leak was discovered in the rd_mcp backend of the iSCSI target subsystem in the Linux kernel. A local user could exploit this flaw to obtain sensitive information from ramdisk_mcp memory by leveraging access to a SCSI initiator. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-3917, CVE-2014-4027, CVE-2014-4171, CVE-2014-4652, CVE-2014-4653, CVE-2014-4654, CVE-2014-4655, CVE-2014-4656, CVE-2014-4667, CVE-2014-5077
MD5 | b2b56c4decaade2422f6cea5038d3b83
Ubuntu Security Notice USN-2334-1
Posted Sep 2, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2334-1 - An flaw was discovered in the Linux kernel's audit subsystem when auditing certain syscalls. A local attacker could exploit this flaw to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS). An information leak was discovered in the rd_mcp backend of the iSCSI target subsystem in the Linux kernel. A local user could exploit this flaw to obtain sensitive information from ramdisk_mcp memory by leveraging access to a SCSI initiator. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-3917, CVE-2014-4027, CVE-2014-4171, CVE-2014-4508, CVE-2014-4652, CVE-2014-4653, CVE-2014-4654, CVE-2014-4655, CVE-2014-4656, CVE-2014-4667, CVE-2014-5077
MD5 | de6fb71c3de2ded308a102611b701d03
Ubuntu Security Notice USN-2333-1
Posted Sep 2, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2333-1 - A bug was discovered in the handling of pathname components when used with an autofs direct mount. A local user could exploit this flaw to cause a denial of service (system crash) via an open system call. Toralf reported an error in the Linux kernels syscall auditing on 32 bit x86 platforms. A local user could exploit this flaw to cause a denial of service (OOPS and system crash). An information leak was discovered in the control implementation of the Advanced Linux Sound Architecture (ALSA) subsystem in the Linux kernel. A local user could exploit this flaw to obtain sensitive information from kernel memory. Various other issues were also addressed.

tags | advisory, denial of service, x86, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-0203, CVE-2014-4508, CVE-2014-4652, CVE-2014-4653, CVE-2014-4654, CVE-2014-4655, CVE-2014-4656, CVE-2014-4667, CVE-2014-5077
MD5 | b319d88618d7708b8d5a0fa717663719
Ubuntu Security Notice USN-2332-1
Posted Sep 2, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2332-1 - A bug was discovered in the handling of pathname components when used with an autofs direct mount. A local user could exploit this flaw to cause a denial of service (system crash) via an open system call. Toralf reported an error in the Linux kernels syscall auditing on 32 bit x86 platforms. A local user could exploit this flaw to cause a denial of service (OOPS and system crash). An information leak was discovered in the control implementation of the Advanced Linux Sound Architecture (ALSA) subsystem in the Linux kernel. A local user could exploit this flaw to obtain sensitive information from kernel memory. Various other issues were also addressed.

tags | advisory, denial of service, x86, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-0203, CVE-2014-4508, CVE-2014-4652, CVE-2014-4653, CVE-2014-4654, CVE-2014-4655, CVE-2014-4656, CVE-2014-4667, CVE-2014-5077
MD5 | 49500f35d16110bad13baad337b97205
Red Hat Security Advisory 2014-1083-01
Posted Aug 20, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1083-01 - The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. A NULL pointer dereference flaw was found in the way the Linux kernel's Stream Control Transmission Protocol implementation handled simultaneous connections between the same hosts. A remote attacker could use this flaw to crash the system. Multiple use-after-free flaws and an integer overflow flaw were found in the way the Linux kernel's Advanced Linux Sound Architecture implementation handled user controls. A local, privileged user could use either of these flaws to crash the system.

tags | advisory, remote, overflow, kernel, local, protocol
systems | linux, redhat
advisories | CVE-2014-4652, CVE-2014-4653, CVE-2014-4654, CVE-2014-4655, CVE-2014-4656, CVE-2014-5077
MD5 | b735bada094171cf4bf6231b655ddce1
Mandriva Linux Security Advisory 2014-155
Posted Aug 8, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-155 - Multiple vulnerabilities have been found and corrected in the Linux kernel. The updated packages provides a solution for these security issues.

tags | advisory, kernel, vulnerability
systems | linux, mandriva
advisories | CVE-2013-4514, CVE-2014-0131, CVE-2014-4027, CVE-2014-4608, CVE-2014-4652, CVE-2014-4653, CVE-2014-4654, CVE-2014-4655, CVE-2014-4656, CVE-2014-4667, CVE-2014-4699, CVE-2014-4943
MD5 | 3d782401d1760680f0d614c6cde1ba1c
Page 1 of 1
Back1Next

File Archive:

September 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    20 Files
  • 2
    Sep 2nd
    15 Files
  • 3
    Sep 3rd
    15 Files
  • 4
    Sep 4th
    4 Files
  • 5
    Sep 5th
    1 Files
  • 6
    Sep 6th
    1 Files
  • 7
    Sep 7th
    15 Files
  • 8
    Sep 8th
    27 Files
  • 9
    Sep 9th
    7 Files
  • 10
    Sep 10th
    16 Files
  • 11
    Sep 11th
    9 Files
  • 12
    Sep 12th
    0 Files
  • 13
    Sep 13th
    0 Files
  • 14
    Sep 14th
    25 Files
  • 15
    Sep 15th
    15 Files
  • 16
    Sep 16th
    15 Files
  • 17
    Sep 17th
    15 Files
  • 18
    Sep 18th
    12 Files
  • 19
    Sep 19th
    1 Files
  • 20
    Sep 20th
    1 Files
  • 21
    Sep 21st
    15 Files
  • 22
    Sep 22nd
    21 Files
  • 23
    Sep 23rd
    8 Files
  • 24
    Sep 24th
    15 Files
  • 25
    Sep 25th
    4 Files
  • 26
    Sep 26th
    1 Files
  • 27
    Sep 27th
    1 Files
  • 28
    Sep 28th
    20 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close