CVE-2014-4654

Name of the Vulnerable Software and Affected Versions openSUSE kernel-default (affected versions not specified) openSUSE libipset3 (affected versions not specified) openSUSE ndiswrapper-kmp-pae (affected versions not specified) openSUSE hdjmod-kmp-xen (affected versions not specified) openSUSE kernel-trace-base-debuginfo (affected versions not specified) openSUSE cloop-debugsource (affected versions not specified) openSUSE crash-kmp-pae-debuginfo (affected versions not specified) openSUSE ipset-kmp-pae (affected versions not specified) openSUSE hdjmod-kmp-xen-debuginfo (affected versions not specified) openSUSE ipset-kmp-pae-debuginfo (affected versions not specified) openSUSE vhba-kmp-desktop-debuginfo (affected versions not specified) openSUSE iscsitarget-kmp-pae-debuginfo (affected versions not specified) openSUSE crash-debugsource (affected versions not specified) openSUSE iscsitarget-kmp-xen-debuginfo (affected versions not specified) openSUSE hdjmod-kmp-desktop-debuginfo (affected versions not specified) openSUSE kernel-xen (affected versions not specified) openSUSE hdjmod-debugsource (affected versions not specified) openSUSE crash-doc (affected versions not specified) openSUSE crash (affected versions not specified) openSUSE iscsitarget-kmp-xen (affected versions not specified) openSUSE iscsitarget-debugsource (affected versions not specified) openSUSE kernel-pae-devel-debuginfo (affected versions not specified) openSUSE hdjmod-kmp-pae-debuginfo (affected versions not specified) openSUSE xtables-addons-kmp-default-debuginfo (affected versions not specified) openSUSE kernel-default-debuginfo (affected versions not specified) openSUSE kernel-vanilla-devel (affected versions not specified) openSUSE iscsitarget-kmp-desktop (affected versions not specified) openSUSE ndiswrapper-debuginfo (affected versions not specified) openSUSE kernel-pae-debugsource (affected versions not specified) openSUSE vhba-kmp-default (affected versions not specified) openSUSE kernel-trace-devel-debuginfo (affected versions not specified) openSUSE hdjmod-kmp-default-debuginfo (affected versions not specified) openSUSE cloop-kmp-xen-debuginfo (affected versions not specified) openSUSE kernel-vanilla-debuginfo (affected versions not specified) openSUSE vhba-kmp-xen-debuginfo (affected versions not specified) openSUSE ndiswrapper (affected versions not specified) openSUSE pcfclock-debuginfo (affected versions not specified) openSUSE cloop-kmp-desktop (affected versions not specified) openSUSE hdjmod-kmp-desktop (affected versions not specified) openSUSE kernel-ec2 (affected versions not specified) openSUSE crash-kmp-default (affected versions not specified) openSUSE kernel-xen-base-debuginfo (affected versions not specified) openSUSE ipset-kmp-default-debuginfo (affected versions not specified) openSUSE libipset3 (affected versions not specified) openSUSE ndiswrapper-kmp-desktop-debuginfo (affected versions not specified) openSUSE crash-debuginfo (affected versions not specified) openSUSE kernel-ec2-base-debuginfo (affected versions not specified) openSUSE kernel-desktop (affected versions not specified) openSUSE xtables-addons-kmp-pae (affected versions not specified) openSUSE kernel-default-devel (affected versions not specified) openSUSE ndiswrapper-kmp-default-debuginfo (affected versions not specified) openSUSE crash-kmp-desktop (affected versions not specified) openSUSE kernel-vanilla-debugsource (affected versions not specified) openSUSE crash-eppic-debuginfo (affected versions not specified) openSUSE vhba-kmp-pae-debuginfo (affected versions not specified) openSUSE kernel-devel (affected versions not specified) openSUSE kernel-ec2-devel (affected versions not specified) openSUSE ipset-devel (affected versions not specified) openSUSE pcfclock (affected versions not specified) openSUSE kernel-xen-base (affected versions not specified) openSUSE cloop-kmp-default-debuginfo (affected versions not specified) openSUSE kernel-xen-debuginfo (affected versions not specified) openSUSE kernel-debug-base-debuginfo (affected versions not specified) openSUSE kernel-desktop-debuginfo (affected versions not specified) openSUSE vhba-kmp-desktop (affected versions not specified) openSUSE ipset-kmp-default (affected versions not specified) openSUSE iscsitarget (affected versions not specified) openSUSE ipset-kmp-xen (affected versions not specified) openSUSE kernel-desktop-debuginfo (affected versions not specified) openSUSE kernel-source (affected versions not specified) openSUSE kernel-debug (affected versions not specified) openSUSE xtables-addons (affected versions not specified) openSUSE kernel-desktop-devel-debuginfo (affected versions not specified) openSUSE crash-devel (affected versions not specified) openSUSE ipset-kmp-desktop-debuginfo (affected versions not specified) openSUSE kernel-trace-base (affected versions not specified) openSUSE xtables-addons-kmp-pae-debuginfo (affected versions not specified) openSUSE kernel-default-base-debuginfo (affected versions not specified) openSUSE kernel-ec2 (affected versions not specified) openSUSE kernel-debug-base (affected versions not specified) openSUSE kernel-xen-devel (affected versions not specified) openSUSE cloop-debuginfo (affected versions not specified) openSUSE vhba-kmp-pae (affected versions not specified) openSUSE pcfclock-kmp-default-debuginfo (affected versions not specified) openSUSE iscsitarget-kmp-default (affected versions not specified) openSUSE kernel-pae-base (affected versions not specified) openSUSE kernel-ec2-debugsource (affected versions not specified) openSUSE ipset (affected versions not specified) openSUSE ndiswrapper-kmp-desktop (affected versions not specified) openSUSE cloop-kmp-xen (affected versions not specified) openSUSE hdjmod-kmp-default (affected versions not specified) openSUSE kernel-vanilla-devel-debuginfo (affected versions not specified) openSUSE crash-gcore (affected versions not specified) openSUSE ipset-kmp-desktop (affected versions not specified) openSUSE kernel-docs (affected versions not specified) openSUSE kernel-ec2-devel (affected versions not specified) openSUSE crash-kmp-default-debuginfo (affected versions not specified) openSUSE kernel-ec2-base (affected versions not specified) openSUSE xtables-addons-debugsource (affected versions not specified) openSUSE kernel-vanilla (affected versions not specified) openSUSE pcfclock-kmp-default (affected versions not specified) openSUSE kernel-default-devel-debuginfo (affected versions not specified) openSUSE kernel-source-vanilla (affected versions not specified) openSUSE cloop-kmp-pae (affected versions not specified) openSUSE iscsitarget-kmp-desktop-debuginfo (affected versions not specified) openSUSE kernel-pae-base-debuginfo (affected versions not specified) openSUSE cloop-kmp-pae-debuginfo (affected versions not specified) openSUSE pcfclock-kmp-desktop (affected versions not specified) openSUSE kernel-pae (affected versions not specified) openSUSE kernel-debug-debugsource (affected versions not specified) openSUSE kernel-trace-debuginfo (affected versions not specified) openSUSE crash-eppic (affected versions not specified) openSUSE iscsitarget-kmp-default-debuginfo (affected versions not specified) openSUSE crash-kmp-pae (affected versions not specified) openSUSE kernel-default-base (affected versions not specified) openSUSE cloop-kmp-desktop-debuginfo (affected versions not specified) openSUSE kernel-xen-devel (affected versions not specified) openSUSE gfs2-kmp-xen (affected versions not specified) openSUSE cloop-kmp-default (affected versions not specified) openSUSE kernel-desktop-debugsource (affected versions not specified) openSUSE crash-kmp-desktop-debuginfo (affected versions not specified) openSUSE kernel-default-debugsource (affected versions not specified) openSUSE kernel-pae-devel (affected versions not specified) openSUSE kernel-desktop-base (affected versions not specified) openSUSE pcfclock-kmp-pae-debuginfo (affected versions not specified) openSUSE iscsitarget-kmp-pae (affected versions not specified) openSUSE vhba-kmp-xen (affected versions not specified) openSUSE iscsitarget-debuginfo (affected versions not specified) openSUSE pcfclock-debugsource (affected versions not specified) openSUSE hdjmod-kmp-pae (affected versions not specified) openSUSE kernel-xen-devel-debuginfo (affected versions not specified) openSUSE vhba-kmp-default-debuginfo (affected versions not specified) openSUSE kernel-pae-devel (affected versions not specified) openSUSE kernel-xen-debugsource (affected versions not specified) openSUSE crash-kmp-xen (affected versions not specified) openSUSE kernel-trace-devel (affected versions not specified) openSUSE ndiswrapper-kmp-default (affected versions not specified)

Description The issue is related to multiple vulnerabilities in various packages of the openSUSE operating system. These vulnerabilities can be exploited remotely and may lead to a violation of confidentiality, integrity, and availability of protected information. The vulnerabilities can be exploited by leveraging access to /dev/snd/controlCX for an ioctl call, which may cause a denial of service (use-after-free and system crash). The snd ctl elem add function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not check authorization for SNDRV CTL IOCTL ELEM REPLACE commands.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.