Back to all categorys

Elevation of privilege vulnerability in kernel sound subsystem

CVE-2016-2184

(json)

• CVE numbers: CVE-2016-2184 [Bulletin-CVE-2016-2184]
• Coordinated disclosure?: unknown
• Categories: Elevation of privilege vulnerability in kernel sound subsystem
• Details: The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference or double free, and system crash) via a crafted endpoints value in a USB device descriptor. [NIST-CVE-2016-2184]
• Discovered by: on: Unknown
• Reported on: 2016-11-01 [Bulletin-CVE-2016-2184]
• Fixed on: 2016-03-31 [Upstream kernel]
• Fix released on: Unknown
• Affected versions: regex:
• Affected devices:
• Affected manufacturers: all [Bulletin-CVE-2016-2184]
• Fixed versions:
• Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-9794

(json)

• CVE numbers: CVE-2016-9794 [Bulletin-CVE-2016-9794]
• Coordinated disclosure?: unknown
• Categories: Elevation of privilege vulnerability in kernel sound subsystem
• Details: Race condition in the snd_pcm_period_elapsed function in sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel before 4.7 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START command. [NIST-CVE-2016-9794]
• Discovered by: on: Unknown
• Reported on: 2017-05-01 [Bulletin-CVE-2016-9794]
• Fixed on: 2016-12-12 [Upstream kernel]
• Fix released on: Unknown
• Affected versions: regex:
• Affected devices:
• Affected manufacturers: all [Bulletin-CVE-2016-9794]
• Fixed versions:
• Submission: by: Daniel Carter, on: 2019-07-26