Bug 1113406 (CVE-2014-4652) - CVE-2014-4652 Kernel: ALSA: control: protect user controls against races & memory disclosure
Status: CLOSED ERRATA
Alias: CVE-2014-4652
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Red Hat Product Security
Whiteboard: impact=low,public=20140618,reported=2...
Keywords: Security
Depends On: 1117336 1117337 1117338 1117339 1117340
Blocks: 1112943
 
Reported: 2014-06-26 07:01 UTC by Prasad J Pandit
Modified: 2019-06-08 20:05 UTC (History)
An information leak flaw was found in the way the Linux kernel's Advanced Linux Sound Architecture (ALSA) implementation handled access of the user control's state. A local, privileged user could use this flaw to leak kernel memory to user space.
Last Closed: 2015-07-22 19:27:40 UTC




External Trackers
Tracker | ID | Priority | Status | Summary | Last Updated
Red Hat Product Errata | RHSA-2014:1083 | normal | SHIPPED_LIVE | Important: kernel-rt security and bug fix update | 2014-08-20 14:51:31 UTC
Red Hat Product Errata | RHSA-2014:1971 | normal | SHIPPED_LIVE | Important: kernel security and bug fix update | 2014-12-10 01:33:29 UTC
Red Hat Product Errata | RHSA-2015:1272 | normal | SHIPPED_LIVE | Moderate: kernel security, bug fix, and enhancement update | 2015-07-22 11:56:25 UTC

Description Prasad J Pandit 2014-06-26 07:01:12 UTC
Linux kernel built with the Advanced Linux Sound Architecture (ALSA) sound
system support (CONFIG_SND) is vulnerable to an information leakage flaw. It
could occur when two applications try to access control state simultaneously.

A user/application could use this flaw to leak arbitrary kernel memory bytes.

Upstream fix:
-------------
  -> https://git.kernel.org/linus/07f4d9d74a04aa7c72c5dae0ef97565f28f17b92

Reference:
----------
  -> http://www.openwall.com/lists/oss-security/2014/06/26/6

Comment 1 Prasad J Pandit 2014-07-08 13:29:12 UTC
Statement:

(none)

Comment 5 Martin Prpič 2014-08-18 11:18:12 UTC
IssueDescription:

An information leak flaw was found in the way the Linux kernel's Advanced Linux Sound Architecture (ALSA) implementation handled access of the user control's state. A local, privileged user could use this flaw to leak kernel memory to user space.

Comment 6 errata-xmlrpc 2014-08-20 10:51:45 UTC
This issue has been addressed in the following products:

  MRG for RHEL-6 v.2

Via RHSA-2014:1083 https://rhn.redhat.com/errata/RHSA-2014-1083.html

Comment 7 errata-xmlrpc 2014-12-09 20:34:17 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2014:1971 https://rhn.redhat.com/errata/RHSA-2014-1971.html

Comment 8 errata-xmlrpc 2015-07-22 08:09:07 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2015:1272 https://rhn.redhat.com/errata/RHSA-2015-1272.html

