Vigil@nce - Linux kernel: multiple vulnerabilities of ALSA
July 2014 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use several vulnerabilities of ALSA of the Linux
kernel.
– Impacted products: Linux
– Severity: 2/4
– Creation date: 24/06/2014
DESCRIPTION OF THE VULNERABILITY
Several vulnerabilities were announced in ALSA (Advanced Linux
Sound Architecture).
An attacker can read a memory fragment, in order to obtain
sensitive information. [severity:1/4; CVE-2014-4652]
An attacker can use a freed memory area, in order to trigger a
denial of service, and possibly to execute code. [severity:2/4;
CVE-2014-4654, CVE-2014-4655]
An attacker can use a freed memory area, in order to trigger a
denial of service, and possibly to execute code. [severity:2/4;
CVE-2014-4653]
An attacker can generate an integer overflow, in order to trigger
a denial of service, and possibly to execute code. [severity:2/4;
CVE-2014-4656]
An attacker can generate an integer overflow, in order to trigger
a denial of service, and possibly to execute code. [severity:2/4;
CVE-2014-4656]
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Linux-kernel-multiple-vulnerabilities-of-ALSA-14932