CVE-2007-4571

Description

The snd_mem_proc_read function in sound/core/memalloc.c in the Advanced Linux Sound Architecture (ALSA) in the Linux kernel before 2.6.22.8 does not return the correct write size, which allows local users to obtain sensitive information (kernel memory contents) via a small count argument, as demonstrated by multiple reads of /proc/driver/snd-page-alloc.

References

https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00436.html

https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00083.html

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9053

https://issues.rpath.com/browse/RPL-1761

https://exchange.xforce.ibmcloud.com/vulnerabilities/36780

http://www.vupen.com/english/advisories/2007/3272

http://www.ubuntu.com/usn/usn-618-1

http://www.securitytracker.com/id?1018734

http://www.securityfocus.com/bid/25807

http://www.redhat.com/support/errata/RHSA-2007-0993.html

http://www.redhat.com/support/errata/RHSA-2007-0939.html

http://www.novell.com/linux/security/advisories/2007_53_kernel.html

http://www.debian.org/security/2008/dsa-1505

http://www.debian.org/security/2008/dsa-1479

http://support.avaya.com/elmodocs2/security/ASA-2007-474.htm

http://secunia.com/advisories/30769

http://secunia.com/advisories/29054

http://secunia.com/advisories/28626

http://secunia.com/advisories/27824

http://secunia.com/advisories/27747

http://secunia.com/advisories/27436

http://secunia.com/advisories/27227

http://secunia.com/advisories/27101

http://secunia.com/advisories/26989

http://secunia.com/advisories/26980

http://secunia.com/advisories/26918

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=600

http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22.8

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ccec6e2c4a74adf76ed4e2478091a311b1806212

Details

Source: Mitre, NVD

Risk Information

CVSS v2

CVSS v3