[security-announce] Kernel/ALSA: Security update

Sona Sarmadi sona.sarmadi at enea.com
Tue Jan 20 12:09:28 CET 2015


               Enea Linux Security Advisory

Kernel/ALSA: control: Protect user controls against
concurrent access

=================================================
Product/package: Kernel/ALSA: (FSL kernel: 3.8.11)
Severity: Low
Issue date: 2015-01-20
CVE Names: CVE-2014-4652
Layer: meta-enea
=================================================
A security patch that fixes <CVE-2015-xxx> is now
available in the "http://linux.enea.com/4.0/patches" folder.

README file: 0016-ALSA-control-CVE-2014-4652.README
Patch file: 0016-ALSA-control-CVE-2014-4652.patch

Description
===========
Race condition in the tlv handler functionality in the
snd_ctl_elem_user_tlv function in sound/core/control.c in the
ALSA control implementation in the Linux kernel before 3.15.2
allows local users to obtain sensitive information from kernel
memory by leveraging /dev/snd/controlCX access.

References
==========
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4652

How to apply the patches
=========================
If you have not installed the Enea Linux 4.0 Release:

# wget http://linux.enea.com/4.0/Enea-Linux-4.0.tar.gz
# tar zxvf Enea-Linux-4.0.tar.gz

If you have already installed the Enea Linux 4.0 Release:

# cd Enea-Linux-4.0/poky/meta-enea
# wget http://linux.enea.com/4.0/patches/0016-ALSA-control-CVE-2014-4652.patch
# patch -p1 < ./0016-ALSA-control-CVE-2014-4652.patch

If you have any questions regarding the security patches and security
updates please contact security at enea.com.

ESRT (Enea Security Response Team)
Sona Sarmadi
Software Engineer/Security Responsible for Enea Linux Enea
Jan Stenbecks torg 17,
Box 1033, SE-164 21
Kista, Sweden
Direct: +46 8 5071  4475
Mobile: +46 70 971 4475
sona.sarmadi at enea.com
www.enea.com

This message, including attachments, is CONFIDENTIAL. It may also be
privileged or otherwise protected by law. If you received this email
by mistake please let us know by reply and then delete it from your
system; you should not copy it or disclose its contents to anyone.
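
A pre-flight check for the `patch -p1` step in "How to apply the patches", as an added example that is not part of the Enea advisory: it reports whether the fix still needs to be applied, is already in the tree, or no longer matches it. It assumes GNU patch; `patch_state` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example (not from the advisory): report whether a patch still needs
# to be applied to a tree. Uses GNU patch --dry-run, so no file is modified.

# patch_state TREE PATCHFILE
# Prints one of: applicable | already-applied | conflict | missing
patch_state() {
    tree=$1
    patchfile=$2
    [ -d "$tree" ] && [ -f "$patchfile" ] || { echo missing; return 0; }

    # The check runs inside TREE, so make the patch path absolute first.
    case $patchfile in
        /*) ;;
        *) patchfile=$PWD/$patchfile ;;
    esac

    # Forward dry run (-N: never treat the patch as reversed). Success means
    # every hunk applies cleanly, i.e. the fix is not in the tree yet.
    if (cd "$tree" && patch -p1 -N --dry-run -i "$patchfile") >/dev/null 2>&1; then
        echo applicable
    # Reverse dry run (-R, -f: no interactive questions). Success means the
    # patched lines are already present, so the fix has been applied.
    elif (cd "$tree" && patch -p1 -R -f --dry-run -i "$patchfile") >/dev/null 2>&1; then
        echo already-applied
    # Neither direction applies: the tree differs from what the patch expects.
    else
        echo conflict
    fi
}

# Usage with the paths from the advisory (run from the directory that holds
# both the release tree and the downloaded patch):
#   patch_state Enea-Linux-4.0/poky/meta-enea 0016-ALSA-control-CVE-2014-4652.patch
```

A result of `conflict` means the tree has diverged from the release the patch was written for and the hunks need manual review before `patch -p1` is run.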


