CVE-2014-9892

Name of the Vulnerable Software and Affected Versions Linux kernel versions through 4.7 Android versions prior to 2016-08-05

Description The issue is related to the improper initialization of a timestamp data structure in the snd compr tstamp function. This allows attackers to obtain sensitive information via a crafted application. The problem is associated with the sound/core/compress offload.c file in the Linux kernel.

Recommendations For Linux kernel versions through 4.7, update to a version later than 4.7 to resolve the issue. For Android versions prior to 2016-08-05, update to a version released after 2016-08-05 to mitigate the risk. As a temporary workaround, consider restricting access to the snd compr tstamp function until a patch is available.