CVE-2014-4653 - Vulnerability Details

Vendors	Products
Canonical	Ubuntu Linux
Linux	Linux Kernel
Redhat	Enterprise Linux Enterprise Mrg
Suse	Linux Enterprise Server

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 6
kernel-0:2.6.32-504.el6	cpe:/o:redhat:enterprise_linux:6	RHSA-2014:1392	2014-10-13T00:00:00Z
Red Hat Enterprise Linux 7
kernel-0:3.10.0-123.9.2.el7	cpe:/o:redhat:enterprise_linux:7	RHSA-2014:1724	2014-10-28T00:00:00Z
Red Hat Enterprise MRG 2
kernel-rt-0:3.10.33-rt32.45.el6rt	cpe:/a:redhat:enterprise_mrg:2:server:el6	RHSA-2014:1083	2014-08-20T00:00:00Z

Link	Providers
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fd9f26e4eca5d08a27d12c0933fceef76ed9663d
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html
http://rhn.redhat.com/errata/RHSA-2014-1083.html
http://secunia.com/advisories/59434
http://secunia.com/advisories/59777
http://secunia.com/advisories/60545
http://secunia.com/advisories/60564
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.2
http://www.openwall.com/lists/oss-security/2014/06/26/6
http://www.securityfocus.com/bid/68164
http://www.ubuntu.com/usn/USN-2334-1
http://www.ubuntu.com/usn/USN-2335-1
https://bugzilla.redhat.com/show_bug.cgi?id=1113409
https://github.com/torvalds/linux/commit/fd9f26e4eca5d08a27d12c0933fceef76ed9663d
https://nvd.nist.gov/vuln/detail/CVE-2014-4653
https://www.cve.org/CVERecord?id=CVE-2014-4653

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-06-18T00:00:00", "descriptions": [{"lang": "en", "value": "sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not ensure possession of a read/write lock, which allows local users to cause a denial of service (use-after-free) and obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX access."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-01-04T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "60545", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/60545"}, {"name": "68164", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/68164"}, {"name": "USN-2335-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2335-1"}, {"name": "USN-2334-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2334-1"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1113409"}, {"name": "60564", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/60564"}, {"name": "RHSA-2014:1083", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2014-1083.html"}, {"name": "59777", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/59777"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fd9f26e4eca5d08a27d12c0933fceef76ed9663d"}, {"name": "59434", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/59434"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.2"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/torvalds/linux/commit/fd9f26e4eca5d08a27d12c0933fceef76ed9663d"}, {"name": "[oss-security] 20140626 Re: CVE Request: Linux kernel ALSA core control API vulnerabilities", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2014/06/26/6"}, {"name": "SUSE-SU-2015:0812", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-4653", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not ensure possession of a read/write lock, which allows local users to cause a denial of service (use-after-free) and obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX access."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "60545", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/60545"}, {"name": "68164", "refsource": "BID", "url": "http://www.securityfocus.com/bid/68164"}, {"name": "USN-2335-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2335-1"}, {"name": "USN-2334-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2334-1"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1113409", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1113409"}, {"name": "60564", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/60564"}, {"name": "RHSA-2014:1083", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-1083.html"}, {"name": "59777", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59777"}, {"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=fd9f26e4eca5d08a27d12c0933fceef76ed9663d", "refsource": "CONFIRM", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=fd9f26e4eca5d08a27d12c0933fceef76ed9663d"}, {"name": "59434", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59434"}, {"name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.2", "refsource": "CONFIRM", "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.2"}, {"name": "https://github.com/torvalds/linux/commit/fd9f26e4eca5d08a27d12c0933fceef76ed9663d", "refsource": "CONFIRM", "url": "https://github.com/torvalds/linux/commit/fd9f26e4eca5d08a27d12c0933fceef76ed9663d"}, {"name": "[oss-security] 20140626 Re: CVE Request: Linux kernel ALSA core control API vulnerabilities", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2014/06/26/6"}, {"name": "SUSE-SU-2015:0812", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T11:20:26.712Z"}, "title": "CVE Program Container", "references": [{"name": "60545", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/60545"}, {"name": "68164", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/68164"}, {"name": "USN-2335-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2335-1"}, {"name": "USN-2334-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2334-1"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1113409"}, {"name": "60564", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/60564"}, {"name": "RHSA-2014:1083", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2014-1083.html"}, {"name": "59777", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/59777"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fd9f26e4eca5d08a27d12c0933fceef76ed9663d"}, {"name": "59434", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/59434"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.2"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/torvalds/linux/commit/fd9f26e4eca5d08a27d12c0933fceef76ed9663d"}, {"name": "[oss-security] 20140626 Re: CVE Request: Linux kernel ALSA core control API vulnerabilities", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2014/06/26/6"}, {"name": "SUSE-SU-2015:0812", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-4653", "datePublished": "2014-07-03T01:00:00", "dateReserved": "2014-06-25T00:00:00", "dateUpdated": "2024-08-06T11:20:26.712Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

datePublic : 2014-06-18T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not ensure possession of a read/write lock, which allows local users to cause a denial of service (use-after-free) and obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX access. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2017-01-04T20:57:01 (string)

orgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

shortName : mitre (string)

}

references : [ »

0 : { »

name : 60545 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

]

url : http://secunia.com/advisories/60545 (string)

}

1 : { »

name : 68164 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

]

url : http://www.securityfocus.com/bid/68164 (string)

}

2 : { »

name : USN-2335-1 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_UBUNTU (string)

]

url : http://www.ubuntu.com/usn/USN-2335-1 (string)

}

3 : { »

name : USN-2334-1 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_UBUNTU (string)

]

url : http://www.ubuntu.com/usn/USN-2334-1 (string)

}

4 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://bugzilla.redhat.com/show_bug.cgi?id=1113409 (string)

}

5 : { »

name : 60564 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

]

url : http://secunia.com/advisories/60564 (string)

}

6 : { »

name : RHSA-2014:1083 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

url : http://rhn.redhat.com/errata/RHSA-2014-1083.html (string)

}

7 : { »

name : 59777 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

]

url : http://secunia.com/advisories/59777 (string)

}

8 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fd9f26e4eca5d08a27d12c0933fceef76ed9663d (string)

}

9 : { »

name : 59434 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

]

url : http://secunia.com/advisories/59434 (string)

}

10 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.2 (string)

}

11 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://github.com/torvalds/linux/commit/fd9f26e4eca5d08a27d12c0933fceef76ed9663d (string)

}

12 : { »

name : [oss-security] 20140626 Re: CVE Request: Linux kernel ALSA core control API vulnerabilities (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

]

url : http://www.openwall.com/lists/oss-security/2014/06/26/6 (string)

}

13 : { »

name : SUSE-SU-2015:0812 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : cve@mitre.org (string)

ID : CVE-2014-4653 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : n/a (string)

version : { »

version_data : [ »

0 : { »

version_value : n/a (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not ensure possession of a read/write lock, which allows local users to cause a denial of service (use-after-free) and obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX access. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : n/a (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : 60545 (string)

refsource : SECUNIA (string)

url : http://secunia.com/advisories/60545 (string)

}

1 : { »

name : 68164 (string)

refsource : BID (string)

url : http://www.securityfocus.com/bid/68164 (string)

}

2 : { »

name : USN-2335-1 (string)

refsource : UBUNTU (string)

url : http://www.ubuntu.com/usn/USN-2335-1 (string)

}

3 : { »

name : USN-2334-1 (string)

refsource : UBUNTU (string)

url : http://www.ubuntu.com/usn/USN-2334-1 (string)

}

4 : { »

name : https://bugzilla.redhat.com/show_bug.cgi?id=1113409 (string)

refsource : CONFIRM (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=1113409 (string)

}

5 : { »

name : 60564 (string)

refsource : SECUNIA (string)

url : http://secunia.com/advisories/60564 (string)

}

6 : { »

name : RHSA-2014:1083 (string)

refsource : REDHAT (string)

url : http://rhn.redhat.com/errata/RHSA-2014-1083.html (string)

}

7 : { »

name : 59777 (string)

refsource : SECUNIA (string)

url : http://secunia.com/advisories/59777 (string)

}

8 : { »

name : http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=fd9f26e4eca5d08a27d12c0933fceef76ed9663d (string)

refsource : CONFIRM (string)

url : http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=fd9f26e4eca5d08a27d12c0933fceef76ed9663d (string)

}

9 : { »

name : 59434 (string)

refsource : SECUNIA (string)

url : http://secunia.com/advisories/59434 (string)

}

10 : { »

name : http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.2 (string)

refsource : CONFIRM (string)

url : http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.2 (string)

}

11 : { »

name : https://github.com/torvalds/linux/commit/fd9f26e4eca5d08a27d12c0933fceef76ed9663d (string)

refsource : CONFIRM (string)

url : https://github.com/torvalds/linux/commit/fd9f26e4eca5d08a27d12c0933fceef76ed9663d (string)

}

12 : { »

name : [oss-security] 20140626 Re: CVE Request: Linux kernel ALSA core control API vulnerabilities (string)

refsource : MLIST (string)

url : http://www.openwall.com/lists/oss-security/2014/06/26/6 (string)

}

13 : { »

name : SUSE-SU-2015:0812 (string)

refsource : SUSE (string)

url : http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-06T11:20:26.712Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

name : 60545 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

2 : x_transferred (string)

]

url : http://secunia.com/advisories/60545 (string)

}

1 : { »

name : 68164 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

2 : x_transferred (string)

]

url : http://www.securityfocus.com/bid/68164 (string)

}

2 : { »

name : USN-2335-1 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_UBUNTU (string)

2 : x_transferred (string)

]

url : http://www.ubuntu.com/usn/USN-2335-1 (string)

}

3 : { »

name : USN-2334-1 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_UBUNTU (string)

2 : x_transferred (string)

]

url : http://www.ubuntu.com/usn/USN-2334-1 (string)

}

4 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://bugzilla.redhat.com/show_bug.cgi?id=1113409 (string)

}

5 : { »

name : 60564 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

2 : x_transferred (string)

]

url : http://secunia.com/advisories/60564 (string)

}

6 : { »

name : RHSA-2014:1083 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

url : http://rhn.redhat.com/errata/RHSA-2014-1083.html (string)

}

7 : { »

name : 59777 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

2 : x_transferred (string)

]

url : http://secunia.com/advisories/59777 (string)

}

8 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fd9f26e4eca5d08a27d12c0933fceef76ed9663d (string)

}

9 : { »

name : 59434 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

2 : x_transferred (string)

]

url : http://secunia.com/advisories/59434 (string)

}

10 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.2 (string)

}

11 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://github.com/torvalds/linux/commit/fd9f26e4eca5d08a27d12c0933fceef76ed9663d (string)

}

12 : { »

name : [oss-security] 20140626 Re: CVE Request: Linux kernel ALSA core control API vulnerabilities (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

2 : x_transferred (string)

]

url : http://www.openwall.com/lists/oss-security/2014/06/26/6 (string)

}

13 : { »

name : SUSE-SU-2015:0812 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

2 : x_transferred (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

assignerShortName : mitre (string)

cveId : CVE-2014-4653 (string)

datePublished : 2014-07-03T01:00:00 (string)

dateReserved : 2014-06-25T00:00:00 (string)

dateUpdated : 2024-08-06T11:20:26.712Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "588069C4-9D69-48F6-913F-2FEB3E643870", "versionEndExcluding": "3.15.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:ltss:*:*:*", "matchCriteriaId": "35BBD83D-BDC7-4678-BE94-639F59281139", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not ensure possession of a read/write lock, which allows local users to cause a denial of service (use-after-free) and obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX access."}, {"lang": "es", "value": "sound/core/control.c de la implementaci\u00f3n del control de ALSA en el kernel de Linux anterior a 3.15.2 no asegura la posesi\u00f3n de un bloqueo de lectura/escritura, lo que permite a usuarios locales provocar una denegaci\u00f3n de servicio (uso despu\u00e9s de liberaci\u00f3n) y obtener informaci\u00f3n sensible de la memoria del kernel al aprovechar el acceso a /dev/snd/controlICX."}], "id": "CVE-2014-4653", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-07-03T04:22:15.747", "references": [{"source": "cve@mitre.org", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fd9f26e4eca5d08a27d12c0933fceef76ed9663d"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2014-1083.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/59434"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/59777"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/60545"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/60564"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Vendor Advisory"], "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.2"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2014/06/26/6"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/68164"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-2334-1"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-2335-1"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1113409"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/torvalds/linux/commit/fd9f26e4eca5d08a27d12c0933fceef76ed9663d"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fd9f26e4eca5d08a27d12c0933fceef76ed9663d"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2014-1083.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/59434"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/59777"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/60545"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/60564"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Vendor Advisory"], "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2014/06/26/6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/68164"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-2334-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-2335-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1113409"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/torvalds/linux/commit/fd9f26e4eca5d08a27d12c0933fceef76ed9663d"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 588069C4-9D69-48F6-913F-2FEB3E643870 (string)

versionEndExcluding : 3.15.2 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

1 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:ltss:*:*:* (string)

matchCriteriaId : 35BBD83D-BDC7-4678-BE94-639F59281139 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

2 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:* (string)

matchCriteriaId : 8D305F7A-D159-4716-AB26-5E38BB5CD991 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not ensure possession of a read/write lock, which allows local users to cause a denial of service (use-after-free) and obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX access. (string)

}

1 : { »

lang : es (string)

value : sound/core/control.c de la implementación del control de ALSA en el kernel de Linux anterior a 3.15.2 no asegura la posesión de un bloqueo de lectura/escritura, lo que permite a usuarios locales provocar una denegación de servicio (uso después de liberación) y obtener información sensible de la memoria del kernel al aprovechar el acceso a /dev/snd/controlICX. (string)

}

]

id : CVE-2014-4653 (string)

lastModified : 2025-04-12T10:46:40.837 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : LOCAL (string)

authentication : NONE (string)

availabilityImpact : PARTIAL (string)

baseScore : 4.6 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : PARTIAL (string)

vectorString : AV:L/AC:L/Au:N/C:P/I:P/A:P (string)

version : 2.0 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 6.4 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

}

published : 2014-07-03T04:22:15.747 (string)

references : [ »

0 : { »

source : cve@mitre.org (string)

url : http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fd9f26e4eca5d08a27d12c0933fceef76ed9663d (string)

}

1 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Mailing List (string)

1 : Third Party Advisory (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html (string)

}

2 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://rhn.redhat.com/errata/RHSA-2014-1083.html (string)

}

3 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://secunia.com/advisories/59434 (string)

}

4 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://secunia.com/advisories/59777 (string)

}

5 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://secunia.com/advisories/60545 (string)

}

6 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://secunia.com/advisories/60564 (string)

}

7 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Release Notes (string)

1 : Vendor Advisory (string)

]

url : http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.2 (string)

}

8 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Mailing List (string)

1 : Third Party Advisory (string)

]

url : http://www.openwall.com/lists/oss-security/2014/06/26/6 (string)

}

9 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://www.securityfocus.com/bid/68164 (string)

}

10 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://www.ubuntu.com/usn/USN-2334-1 (string)

}

11 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://www.ubuntu.com/usn/USN-2335-1 (string)

}

12 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Issue Tracking (string)

1 : Third Party Advisory (string)

]

url : https://bugzilla.redhat.com/show_bug.cgi?id=1113409 (string)

}

13 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Patch (string)

1 : Third Party Advisory (string)

]

url : https://github.com/torvalds/linux/commit/fd9f26e4eca5d08a27d12c0933fceef76ed9663d (string)

}

14 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fd9f26e4eca5d08a27d12c0933fceef76ed9663d (string)

}

15 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Mailing List (string)

1 : Third Party Advisory (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html (string)

}

16 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://rhn.redhat.com/errata/RHSA-2014-1083.html (string)

}

17 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://secunia.com/advisories/59434 (string)

}

18 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://secunia.com/advisories/59777 (string)

}

19 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://secunia.com/advisories/60545 (string)

}

20 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://secunia.com/advisories/60564 (string)

}

21 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Release Notes (string)

1 : Vendor Advisory (string)

]

url : http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.2 (string)

}

22 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Mailing List (string)

1 : Third Party Advisory (string)

]

url : http://www.openwall.com/lists/oss-security/2014/06/26/6 (string)

}

23 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://www.securityfocus.com/bid/68164 (string)

}

24 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://www.ubuntu.com/usn/USN-2334-1 (string)

}

25 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://www.ubuntu.com/usn/USN-2335-1 (string)

}

26 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Issue Tracking (string)

1 : Third Party Advisory (string)

]

url : https://bugzilla.redhat.com/show_bug.cgi?id=1113409 (string)

}

27 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

1 : Third Party Advisory (string)

]

url : https://github.com/torvalds/linux/commit/fd9f26e4eca5d08a27d12c0933fceef76ed9663d (string)

}

]

sourceIdentifier : cve@mitre.org (string)

vulnStatus : Deferred (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-416 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Show plain JSON

{"affected_release": [{"advisory": "RHSA-2014:1392", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "kernel-0:2.6.32-504.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-13T00:00:00Z"}, {"advisory": "RHSA-2014:1724", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "kernel-0:3.10.0-123.9.2.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2014-10-28T00:00:00Z"}, {"advisory": "RHSA-2014:1083", "cpe": "cpe:/a:redhat:enterprise_mrg:2:server:el6", "package": "kernel-rt-0:3.10.33-rt32.45.el6rt", "product_name": "Red Hat Enterprise MRG 2", "release_date": "2014-08-20T00:00:00Z"}], "bugzilla": {"description": "Kernel: ALSA: control: do not access controls outside of protected regions", "id": "1113409", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1113409"}, "csaw": false, "cvss": {"cvss_base_score": "3.8", "cvss_scoring_vector": "AV:L/AC:H/Au:S/C:N/I:N/A:C", "status": "verified"}, "cwe": "CWE-416", "details": ["sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not ensure possession of a read/write lock, which allows local users to cause a denial of service (use-after-free) and obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX access.", "A use-after-free flaw was found in the way the Linux kernel's Advanced Linux Sound Architecture (ALSA) implementation handled user controls. A local, privileged user could use this flaw to crash the system."], "name": "CVE-2014-4653", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 5"}], "public_date": "2014-06-18T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2014-4653\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-4653"], "statement": "This issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2. Future kernel updates for the respective releases may address this issue.\nRed Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.", "threat_severity": "Moderate"}

{

affected_release : [ »

0 : { »

advisory : RHSA-2014:1392 (string)

cpe : cpe:/o:redhat:enterprise_linux:6 (string)

package : kernel-0:2.6.32-504.el6 (string)

product_name : Red Hat Enterprise Linux 6 (string)

release_date : 2014-10-13T00:00:00Z (string)

}

1 : { »

advisory : RHSA-2014:1724 (string)

cpe : cpe:/o:redhat:enterprise_linux:7 (string)

package : kernel-0:3.10.0-123.9.2.el7 (string)

product_name : Red Hat Enterprise Linux 7 (string)

release_date : 2014-10-28T00:00:00Z (string)

}

2 : { »

advisory : RHSA-2014:1083 (string)

cpe : cpe:/a:redhat:enterprise_mrg:2:server:el6 (string)

package : kernel-rt-0:3.10.33-rt32.45.el6rt (string)

product_name : Red Hat Enterprise MRG 2 (string)

release_date : 2014-08-20T00:00:00Z (string)

}

]

bugzilla : { »

description : Kernel: ALSA: control: do not access controls outside of protected regions (string)

id : 1113409 (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=1113409 (string)

}

csaw : false (boolean)

cvss : { »

cvss_base_score : 3.8 (string)

cvss_scoring_vector : AV:L/AC:H/Au:S/C:N/I:N/A:C (string)

status : verified (string)

}

cwe : CWE-416 (string)

details : [ »

0 : sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not ensure possession of a read/write lock, which allows local users to cause a denial of service (use-after-free) and obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX access. (string)

1 : A use-after-free flaw was found in the way the Linux kernel's Advanced Linux Sound Architecture (ALSA) implementation handled user controls. A local, privileged user could use this flaw to crash the system. (string)

]

name : CVE-2014-4653 (string)

package_state : [ »

0 : { »

cpe : cpe:/o:redhat:enterprise_linux:5 (string)

fix_state : Affected (string)

package_name : kernel (string)

product_name : Red Hat Enterprise Linux 5 (string)

}

]

public_date : 2014-06-18T00:00:00Z (string)

references : [ »

0 : https://www.cve.org/CVERecord?id=CVE-2014-4653 https://nvd.nist.gov/vuln/detail/CVE-2014-4653 (string)

]

statement : This issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2. Future kernel updates for the respective releases may address this issue. Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/. (string)

threat_severity : Moderate (string)

}

Metrics

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object