CVE-2014-4656

Name of the Vulnerable Software and Affected Versions openSUSE kernel-default (affected versions not specified) openSUSE libipset3 (affected versions not specified) openSUSE ndiswrapper-kmp-pae (affected versions not specified) openSUSE hdjmod-kmp-xen (affected versions not specified) CentOS kernel-headers-2.6.32 (affected versions not specified) openSUSE kernel-trace-base-debuginfo (affected versions not specified) openSUSE cloop-debugsource (affected versions not specified) openSUSE crash-kmp-pae-debuginfo (affected versions not specified) openSUSE ipset-kmp-pae (affected versions not specified) openSUSE hdjmod-kmp-xen-debuginfo (affected versions not specified) openSUSE ipset-kmp-pae-debuginfo (affected versions not specified) openSUSE vhba-kmp-desktop-debuginfo (affected versions not specified) openSUSE iscsitarget-kmp-pae-debuginfo (affected versions not specified) openSUSE crash-debugsource (affected versions not specified) openSUSE iscsitarget-kmp-xen-debuginfo (affected versions not specified) openSUSE hdjmod-kmp-desktop-debuginfo (affected versions not specified) openSUSE kernel-xen (affected versions not specified) openSUSE hdjmod-debugsource (affected versions not specified) Red Hat Enterprise Linux kernel-debuginfo-common-i686 (affected versions not specified) Red Hat Enterprise Linux kernel-doc-2.6.32 (affected versions not specified) openSUSE crash (affected versions not specified) openSUSE crash-doc (affected versions not specified) openSUSE iscsitarget-kmp-xen (affected versions not specified) Red Hat Enterprise Linux kernel-debug-devel-2.6.32 (affected versions not specified) openSUSE iscsitarget-debugsource (affected versions not specified) openSUSE kernel-pae-devel-debuginfo (affected versions not specified) CentOS kernel-abi-whitelists-2.6.32 (affected versions not specified) openSUSE hdjmod-kmp-pae-debuginfo (affected versions not specified) openSUSE xtables-addons-kmp-default-debuginfo (affected versions not specified) openSUSE kernel-default-debuginfo (affected versions not specified) openSUSE kernel-vanilla-devel (affected versions not specified) openSUSE iscsitarget-kmp-desktop (affected versions not specified) openSUSE ndiswrapper-debuginfo (affected versions not specified) openSUSE kernel-pae-debugsource (affected versions not specified) openSUSE vhba-kmp-default (affected versions not specified) openSUSE kernel-trace-devel-debuginfo (affected versions not specified) openSUSE hdjmod-kmp-default-debuginfo (affected versions not specified) openSUSE cloop-kmp-xen-debuginfo (affected versions not specified) CentOS kernel-firmware-2.6.32 (affected versions not specified) Red Hat Enterprise Linux kernel-headers-2.6.32 (affected versions not specified) openSUSE kernel-vanilla-debuginfo (affected versions not specified) openSUSE vhba-kmp-xen-debuginfo (affected versions not specified) openSUSE ndiswrapper (affected versions not specified) openSUSE pcfclock-debuginfo (affected versions not specified) CentOS kernel-debug-2.6.32 (affected versions not specified) openSUSE cloop-kmp-desktop (affected versions not specified) openSUSE hdjmod-kmp-desktop (affected versions not specified) openSUSE kernel-ec2-debuginfo (affected versions not specified) openSUSE crash-gcore-debuginfo (affected versions not specified) openSUSE crash-kmp-default (affected versions not specified) openSUSE kernel-xen-base-debuginfo (affected versions not specified) Red Hat Enterprise Linux kernel-firmware-2.6.32 (affected versions not specified) openSUSE ipset-kmp-default-debuginfo (affected versions not specified) openSUSE libipset3 (affected versions not specified) openSUSE ndiswrapper-kmp-desktop-debuginfo (affected versions not specified) openSUSE crash-debuginfo (affected versions not specified) openSUSE kernel-ec2-base-debuginfo (affected versions not specified) openSUSE kernel-desktop (affected versions not specified) openSUSE xtables-addons-kmp-pae (affected versions not specified) openSUSE kernel-default-devel (affected versions not specified) openSUSE ndiswrapper-kmp-default-debuginfo (affected versions not specified) openSUSE crash-kmp-desktop (affected versions not specified) openSUSE kernel-vanilla-debugsource (affected versions not specified) openSUSE crash-eppic-debuginfo (affected versions not specified) openSUSE vhba-kmp-pae-debuginfo (affected versions not specified) openSUSE kernel-devel (affected versions not specified) openSUSE kernel-ec2-devel (affected versions not specified) openSUSE ipset-devel (affected versions not specified) openSUSE pcfclock (affected versions not specified) CentOS kernel-2.6.32 (affected versions not specified) openSUSE kernel-xen-base (affected versions not specified) openSUSE cloop-kmp-default-debuginfo (affected versions not specified) Red Hat Enterprise Linux kernel-debuginfo-2.6.32 (affected versions not specified) openSUSE kernel-xen-debuginfo (affected versions not specified) Red Hat Enterprise Linux kernel-2.6.32 (affected versions not specified) openSUSE kernel-ec2 (affected versions not specified) openSUSE kernel-debug-devel-debuginfo (affected versions not specified) openSUSE kernel-desktop-devel (affected versions not specified) openSUSE xtables-addons-kmp-default (affected versions not specified) Red Hat Enterprise Linux kernel-debug-2.6.32 (affected versions not specified) openSUSE pcfclock-kmp-pae (affected versions not specified) openSUSE ipset-debuginfo (affected versions not specified) openSUSE kernel-trace (affected versions not specified) openSUSE ndiswrapper-debugsource (affected versions not specified) openSUSE xtables-addons-kmp-desktop (affected versions not specified) openSUSE xtables-addons-kmp-xen (affected versions not specified) openSUSE xtables-addons-kmp-desktop-debuginfo (affected versions not specified) openSUSE kernel-debuginfo-common-i686 (affected versions not specified) openSUSE ipset-kmp-xen-debuginfo (affected versions not specified) openSUSE kernel-pae-debuginfo (affected versions not specified) openSUSE cloop (affected versions not specified) openSUSE kernel-debug-devel (affected versions not specified) openSUSE pcfclock-kmp-desktop-debuginfo (affected versions not specified) openSUSE ndiswrapper-kmp-pae (affected versions not specified) openSUSE crash-kmp-xen-debuginfo (affected versions not specified) openSUSE ipset-debugsource (affected versions not specified) openSUSE vhba-kmp-debugsource (affected versions not specified) openSUSE xtables-addons-kmp-xen-debuginfo (affected versions not specified) openSUSE xtables-addons-debuginfo (affected versions not specified) openSUSE kernel-debug-debuginfo (affected versions not specified) openSUSE kernel-syms (affected versions not specified) openSUSE kernel-ec2-devel-debuginfo (affected versions not specified) openSUSE kernel-trace-debugsource (affected versions not specified) openSUSE kernel-debug-base (affected versions not specified) openSUSE kernel-xen-devel (affected versions not specified) Red Hat Enterprise Linux kernel-devel-2.6.32 (affected versions not specified) openSUSE cloop-debuginfo (affected versions not specified) openSUSE vhba-kmp-pae (affected versions not specified) openSUSE pcfclock-kmp-default-debuginfo (affected versions not specified) openSUSE iscsitarget-kmp-default (affected versions not specified) openSUSE kernel-pae-base (affected versions not specified) openSUSE kernel-ec2-debugsource (affected versions not specified) openSUSE ipset (affected versions not specified) openSUSE ndiswrapper-kmp-desktop (affected versions not specified) openSUSE cloop-kmp-xen (affected versions not specified) openSUSE hdjmod-kmp-default (affected versions not specified) openSUSE kernel-vanilla-devel-debuginfo (affected versions not specified) openSUSE kernel-docs (affected versions not specified) openSUSE crash-gcore (affected versions not specified) openSUSE ipset-kmp-desktop (affected versions not specified) openSUSE kernel-ec2-devel (affected versions not specified) openSUSE crash-kmp-default-debuginfo (affected versions not specified) openSUSE kernel-ec2-base (affected versions not specified) openSUSE xtables-addons-debugsource (affected versions not specified) openSUSE kernel-vanilla (affected versions not specified) openSUSE pcfclock-kmp-default (affected versions not specified) openSUSE kernel-default-devel-debuginfo (affected versions not specified) openSUSE kernel-source-vanilla (affected versions not specified) openSUSE cloop-kmp-pae (affected versions not specified) openSUSE iscsitarget-kmp-desktop-debuginfo (affected versions not specified) Red Hat Enterprise Linux kernel-abi-whitelists-2.6.32 (affected versions not specified) openSUSE kernel-pae-base-debuginfo (affected versions not specified) openSUSE cloop-kmp-pae-debuginfo (affected versions not specified) CentOS kernel-debuginfo-2.6.32 (affected versions not specified) CentOS kernel-debug-devel-2.6.32 (affected versions not specified) CentOS kernel-doc-2.6.32 (affected versions not specified) openSUSE pcfclock-kmp-desktop (affected versions not specified) openSUSE kernel-pae (affected versions not specified) openSUSE kernel-debug-debugsource (affected versions not specified) openSUSE kernel-trace-debuginfo (affected versions not specified) openSUSE crash-eppic (affected versions not specified) openSUSE iscsitarget-kmp-default-debuginfo (affected versions not specified) openSUSE crash-kmp-pae (affected versions not specified) openSUSE kernel-default-base (affected versions not specified) openSUSE cloop-kmp-desktop-debuginfo (affected versions not specified) openSUSE kernel-xen-devel (affected versions not specified) openSUSE gfs2-kmp-xen (affected versions not specified) CentOS kernel-devel-2.6.32 (affected versions not specified) openSUSE cloop-kmp-default (affected versions not specified) openSUSE kernel-desktop-debugsource (affected versions not specified) openSUSE crash-kmp-desktop-debuginfo (affected versions not specified) openSUSE kernel-default-debugsource (affected versions not specified) openSUSE kernel-desktop-base (affected versions not specified) openSUSE kernel-pae-devel (affected versions not specified) openSUSE pcfclock-kmp-pae-debuginfo (affected versions not specified) openSUSE iscsitarget-kmp-pae (affected versions not specified) openSUSE vhba-kmp-xen (affected versions not specified) openSUSE iscsitarget-debuginfo (affected versions not specified) openSUSE pcfclock-debugsource (affected versions not specified) openSUSE hdjmod-kmp-pae (affected versions not specified) openSUSE kernel-xen-devel-debuginfo (affected versions not specified) openSUSE vhba-kmp-default-debuginfo (affected versions not specified) openSUSE kernel-pae-devel (affected versions not specified) openSUSE kernel-xen-debugsource (affected versions not specified) openSUSE crash-kmp-xen (affected versions not specified) openSUSE kernel-trace-devel (affected versions not specified) openSUSE ndiswrapper-kmp-default (affected versions not specified)

Description The issue is related to multiple integer overflows in the ALSA control implementation in the Linux kernel. The overflows occur in the snd ctl add function when handling index values and in the snd ctl remove numid conflict function when handling numid values. This can lead to a denial of service by leveraging /dev/snd/controlCX access. The vulnerability can be exploited remotely.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.