UBUNTU-CVE-2014-4652

Advisory lineage Upstream: 1 Downstream: 1

Upstream

CVE-2014-4652

Downstream

USN-2337-1

Published: 03 Jul 2014, 00:00

Last modified:12 May 2026, 13:20

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

03 Jul 2014, 00:00

Published

Vulnerability first disclosed

12 May 2026, 13:20

Last Modified

Vulnerability information updated

Description

Race condition in the tlv handler functionality in the snd_ctl_elem_user_tlv function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 allows local users to obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX access.

Affected Systems

ubuntu•linux
< 3.13.0-35.62
ubuntu•linux-azure
all
ubuntu•linux-azure-6.11
all
ubuntu•linux-azure-fde
all
ubuntu•linux-azure-fde-5.15
all
ubuntu•linux-gcp
all
ubuntu•linux-gcp-6.11
all
ubuntu•linux-gke
all
ubuntu•linux-gkeop
all
ubuntu•linux-hwe
all
ubuntu•linux-hwe-6.11
all
ubuntu•linux-hwe-edge
all
ubuntu•linux-intel-iot-realtime
all
ubuntu•linux-lowlatency-hwe-6.11
all
ubuntu•linux-raspi-realtime
all
ubuntu•linux-raspi2
all
ubuntu•linux-realtime
all | all
ubuntu•linux-riscv
all | all | all

UBUNTU-CVE-2014-4652

Vulnerability Summary

Timeline

Description

Affected Systems

References (13)