High severity7.8NVD Advisory· Published Jun 27, 2016· Updated May 6, 2026

CVE-2014-9904

Description

The snd_compress_check_input function in sound/core/compress_offload.c in the ALSA subsystem in the Linux kernel before 3.17 does not properly check for an integer overflow, which allows local users to cause a denial of service (insufficient memory allocation) or possibly have unspecified other impact via a crafted SNDRV_COMPRESS_SET_PARAMS ioctl call.

Affected products

Debian/Debian Linux
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Linux/Kernel
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Range: >=3.7,<3.12.62
Novell/Suse Linux Enterprise Real Time Extension
cpe:2.3:o:novell:suse_linux_enterprise_real_time_extension:12:sp1:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/nvdPatchVendor Advisory
github.com/torvalds/linux/commit/6217e5ede23285ddfee10d2e4ba0cc2d4c046205nvdPatchVendor Advisory
lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.htmlnvdThird Party Advisory
lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.htmlnvdMailing ListThird Party Advisory
lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.htmlnvdMailing ListThird Party Advisory
www.debian.org/security/2016/dsa-3616nvdThird Party Advisory
www.securityfocus.com/bid/91510nvdThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1036189nvdThird Party AdvisoryVDB Entry

News mentions

No linked articles in our index yet.

cvss	0.507
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000