CVE-2016-4578

sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions.

Published : 2016-05-23 10:59 Updated : 2019-03-25 18:58

2.1
CVSS Score More info
Score 2.1 / 10
2.1
Vendor Product Version URI
Debian Debian Linux 8.0 cpe:/o:debian:debian_linux:8.0
Opensuse Leap 42.1 cpe:/o:opensuse:leap:42.1
Opensuse Opensuse 13.1 cpe:/o:opensuse:opensuse:13.1
Redhat Enterprise Linux Desktop 7.0 cpe:/o:redhat:enterprise_linux_desktop:7.0
Redhat Enterprise Linux Server 7.0 cpe:/o:redhat:enterprise_linux_server:7.0
Redhat Enterprise Linux Server Aus 7.3 cpe:/o:redhat:enterprise_linux_server_aus:7.3
Redhat Enterprise Linux Server Aus 7.4 cpe:/o:redhat:enterprise_linux_server_aus:7.4
Redhat Enterprise Linux Server Aus 7.6 cpe:/o:redhat:enterprise_linux_server_aus:7.6
Redhat Enterprise Linux Server Eus 7.3 cpe:/o:redhat:enterprise_linux_server_eus:7.3
Redhat Enterprise Linux Server Eus 7.4 cpe:/o:redhat:enterprise_linux_server_eus:7.4
Redhat Enterprise Linux Server Eus 7.5 cpe:/o:redhat:enterprise_linux_server_eus:7.5
Redhat Enterprise Linux Server Eus 7.6 cpe:/o:redhat:enterprise_linux_server_eus:7.6
Redhat Enterprise Linux Server Tus 7.3 cpe:/o:redhat:enterprise_linux_server_tus:7.3
Redhat Enterprise Linux Server Tus 7.6 cpe:/o:redhat:enterprise_linux_server_tus:7.6
Redhat Enterprise Linux Workstation 7.0 cpe:/o:redhat:enterprise_linux_workstation:7.0
Linux Linux Kernel 4.6 cpe:/o:linux:linux_kernel:4.6
Canonical Ubuntu Linux 12.04 cpe:/o:canonical:ubuntu_linux:12.04::~~lts~~~
Canonical Ubuntu Linux 16.04 cpe:/o:canonical:ubuntu_linux:16.04::~~lts~~~
Canonical Ubuntu Linux 14.04 cpe:/o:canonical:ubuntu_linux:14.04::~~lts~~~
Canonical Ubuntu Linux 15.10 cpe:/o:canonical:ubuntu_linux:15.10
  1. Opensuse (2) Search CVE
    1. Opensuse (1) Search CVE
      1. 13.1
    2. Leap (1) Search CVE
      1. 42.1
  2. Redhat (6) Search CVE
    1. Enterprise Linux Server Tus (2) Search CVE
      1. 7.3
      2. 7.6
    2. Enterprise Linux Server Eus (4) Search CVE
      1. 7.3
      2. 7.4
      3. 7.5
      4. 7.6
    3. Enterprise Linux Desktop (1) Search CVE
      1. 7.0
    4. Enterprise Linux Server (1) Search CVE
      1. 7.0
    5. Enterprise Linux Workstation (1) Search CVE
      1. 7.0
    6. Enterprise Linux Server Aus (3) Search CVE
      1. 7.3
      2. 7.4
      3. 7.6
  3. Linux (1) Search CVE
    1. Linux Kernel (1) Search CVE
      1. 4.6
  4. Canonical (1) Search CVE
    1. Ubuntu Linux (4) Search CVE
      1. 12.04
      2. 16.04
      3. 14.04
      4. 15.10
  5. Debian (1) Search CVE
    1. Debian Linux (1) Search CVE
      1. 8.0

CWE

ID Name Description Links
CWE-200 Information Exposure An information exposure is the intentional or unintentional disclosure of information to an actor that is not explicitly authorized to have access to that information. CVE

References

Source Link
UBUNTU http://www.ubuntu.com/usn/USN-3021-2
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=1335215
CONFIRM http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9a47e9cff994f37f7f0dbd9ae23740d0f64f9fe6
CONFIRM http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e4ec8cc8039a7063e24204299b462bd1383184a5
SUSE http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html
SUSE http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html
SUSE http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html
MLIST http://www.openwall.com/lists/oss-security/2016/05/11/5
UBUNTU http://www.ubuntu.com/usn/USN-3016-1
UBUNTU http://www.ubuntu.com/usn/USN-3016-2
UBUNTU http://www.ubuntu.com/usn/USN-3016-3
UBUNTU http://www.ubuntu.com/usn/USN-3016-4
UBUNTU http://www.ubuntu.com/usn/USN-3017-1
UBUNTU http://www.ubuntu.com/usn/USN-3017-2
UBUNTU http://www.ubuntu.com/usn/USN-3017-3
UBUNTU http://www.ubuntu.com/usn/USN-3018-1
UBUNTU http://www.ubuntu.com/usn/USN-3018-2
UBUNTU http://www.ubuntu.com/usn/USN-3019-1
UBUNTU http://www.ubuntu.com/usn/USN-3020-1
UBUNTU http://www.ubuntu.com/usn/USN-3021-1
DEBIAN http://www.debian.org/security/2016/dsa-3607
SUSE http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html
SUSE http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html
BID http://www.securityfocus.com/bid/90535
CONFIRM https://github.com/torvalds/linux/commit/9a47e9cff994f37f7f0dbd9ae23740d0f64f9fe6
CONFIRM https://github.com/torvalds/linux/commit/e4ec8cc8039a7063e24204299b462bd1383184a5
REDHAT http://rhn.redhat.com/errata/RHSA-2016-2584.html
EXPLOIT-DB https://www.exploit-db.com/exploits/46529/
SUSE http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html
REDHAT http://rhn.redhat.com/errata/RHSA-2016-2574.html
SUSE http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html

History of changes

Date Event
2019-03-25 18:58
2019-03-12 10:29
2018-01-05 02:30
2016-05-23 10:59

New CVE