CVE-2007-4571

Severity

21%

Complexity

39%

Confidentiality

48%

The snd_mem_proc_read function in sound/core/memalloc.c in the Advanced Linux Sound Architecture (ALSA) in the Linux kernel before 2.6.22.8 does not return the correct write size, which allows local users to obtain sensitive information (kernel memory contents) via a small count argument, as demonstrated by multiple reads of /proc/driver/snd-page-alloc.

The snd_mem_proc_read function in sound/core/memalloc.c in the Advanced Linux Sound Architecture (ALSA) in the Linux kernel before 2.6.22.8 does not return the correct write size, which allows local users to obtain sensitive information (kernel memory contents) via a small count argument, as demonstrated by multiple reads of /proc/driver/snd-page-alloc.

CVSS 2.0 Base Score 2.1. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (AV:L/AC:L/Au:N/C:P/I:N/A:N).

Overview

First reported 17 years ago

2007-09-26 10:17:00

Last updated 7 years ago

2017-09-29 01:29:00

Affected Software

Linux Kernel

References

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ccec6e2c4a74adf76ed4e2478091a311b1806212

http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22.8

20070925 Linux Kernel ALSA snd_mem_proc_read Information Disclosure Vulnerability

26918

26980

26989

27101

27227

27436

27747

27824

28626

29054

30769

http://support.avaya.com/elmodocs2/security/ASA-2007-474.htm

DSA-1479

DSA-1505

SUSE-SA:2007:053

RHSA-2007:0939

RHSA-2007:0993

25807

1018734

USN-618-1

ADV-2007-3272

linux-sndpagealloc-information-disclosure(36780)

https://issues.rpath.com/browse/RPL-1761

oval:org.mitre.oval:def:9053

FEDORA-2007-714

FEDORA-2007-2349

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.