CVE-2014-4653
sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not ensure possession of a read/write lock, which allows local users to cause a denial of service (use-after-free) and obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX access.
View on NVDSeverity
N/A
EPSS
Probability of exploitation (next 30 days): 0.0007 (0.1%)
Percentile: 20.2%
EPSS: 2026-05-06
Affects
linux:linux_kernelsuse:linux_enterprise_servercanonical:ubuntu_linuxTechnical description
sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not ensure possession of a read/write lock, which allows local users to cause a denial of service (use-after-free) and obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX access.
Published: 7/3/2014, 4:22:15 AM
Last modified: 5/6/2026, 10:30:45 PM
References
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fd9f26e4eca5d08a27d12c0933fceef76ed9663d
- http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html
- http://rhn.redhat.com/errata/RHSA-2014-1083.html
- http://secunia.com/advisories/59434
- http://secunia.com/advisories/59777
- http://secunia.com/advisories/60545
- http://secunia.com/advisories/60564
- http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.2