PT-2016-2614 · Linux+3 · Linux Kernel+3
Published
2016-08-06
·
Updated
2026-03-14
·
CVE-2014-9892
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Linux kernel versions through 4.7
Android versions prior to 2016-08-05
Description
The issue is related to the improper initialization of a timestamp data structure in the snd compr tstamp function. This allows attackers to obtain sensitive information via a crafted application. The problem is associated with the sound/core/compress offload.c file in the Linux kernel.
Recommendations
For Linux kernel versions through 4.7, update to a version later than 4.7 to resolve the issue.
For Android versions prior to 2016-08-05, update to a version released after 2016-08-05 to mitigate the risk.
As a temporary workaround, consider restricting access to the snd compr tstamp function until a patch is available.
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Android
Debian
Linux Kernel