CVE-2007-4571

LOW

Description

The snd_mem_proc_read function in sound/core/memalloc.c in the Advanced Linux Sound Architecture (ALSA) in the Linux kernel before 2.6.22.8 does not return the correct write size, which allows local users to obtain sensitive information (kernel memory contents) via a small count argument, as demonstrated by multiple reads of /proc/driver/snd-page-alloc.

References

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ccec6e2c4a74adf76ed4e2478091a311b1806212

http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22.8

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=600

http://secunia.com/advisories/26918

http://secunia.com/advisories/26980

http://secunia.com/advisories/26989

http://secunia.com/advisories/27101

http://secunia.com/advisories/27227

http://secunia.com/advisories/27436

http://secunia.com/advisories/27747

http://secunia.com/advisories/27824

http://secunia.com/advisories/28626

http://secunia.com/advisories/29054

http://secunia.com/advisories/30769

http://support.avaya.com/elmodocs2/security/ASA-2007-474.htm

http://www.debian.org/security/2008/dsa-1479

http://www.debian.org/security/2008/dsa-1505

http://www.novell.com/linux/security/advisories/2007_53_kernel.html

http://www.redhat.com/support/errata/RHSA-2007-0939.html

http://www.redhat.com/support/errata/RHSA-2007-0993.html

http://www.securityfocus.com/bid/25807

http://www.securitytracker.com/id?1018734

http://www.ubuntu.com/usn/usn-618-1

http://www.vupen.com/english/advisories/2007/3272

https://exchange.xforce.ibmcloud.com/vulnerabilities/36780

https://issues.rpath.com/browse/RPL-1761

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9053

https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00083.html

https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00436.html

Details

Source: MITRE

Published: 2007-09-26

Updated: 2017-09-29

Risk Information

CVSS v2.0

Base Score: 2.1

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 3.9

Severity: LOW