Wind River Support Network

HomeDefectsLIN7-6476

Fixed

LIN7-6476 : Security Advisory - linux - CVE-2014-9904

Created: Jun 29, 2016 Updated: Sep 8, 2018

Resolved Date: Jul 11, 2016

Found In Version: 7.0.0.16

Fix Version: 7.0.0.18

Severity: Standard

Applicable for: Wind River Linux 7

Component/s: Kernel

Description

The snd_compress_check_input function in sound/core/compress_offload.c in the ALSA subsystem in the Linux kernel before 3.17 does not properly check for an integer overflow, which allows local users to cause a denial of service (insufficient memory allocation) or possibly have unspecified other impact via a crafted SNDRV_COMPRESS_SET_PARAMS ioctl call.<a href=http://cwe.mitre.org/data/definitions/190.html>CWE-190: Integer Overflow or Wraparound</a>

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9904

Other Downloads

Wind River Linux 7.0.0.18
Wind River Linux 7.0.0.19
Wind River Linux 7.0.0.20
Wind River Linux 7.0.0.21
Wind River Linux 7.0.0.22
Wind River Linux 7.0.0.23
Wind River Linux 7.0.0.24
Wind River Linux 7.0.0.25
Wind River Linux 7.0.0.26
Wind River Linux 7.0.0.27
Wind River Linux 7.0.0.28
Wind River Linux 7.0.0.29
Wind River Linux 7.0.0.30
Wind River Linux 7.0.0.31

CVEs

CVE-2014-9904