CVE-2016-4578

LOW

Description

sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions.

References

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9a47e9cff994f37f7f0dbd9ae23740d0f64f9fe6

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e4ec8cc8039a7063e24204299b462bd1383184a5

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html

http://rhn.redhat.com/errata/RHSA-2016-2574.html

http://rhn.redhat.com/errata/RHSA-2016-2584.html

http://www.debian.org/security/2016/dsa-3607

http://www.openwall.com/lists/oss-security/2016/05/11/5

http://www.securityfocus.com/bid/90535

http://www.ubuntu.com/usn/USN-3016-1

http://www.ubuntu.com/usn/USN-3016-2

http://www.ubuntu.com/usn/USN-3016-3

http://www.ubuntu.com/usn/USN-3016-4

http://www.ubuntu.com/usn/USN-3017-1

http://www.ubuntu.com/usn/USN-3017-2

http://www.ubuntu.com/usn/USN-3017-3

http://www.ubuntu.com/usn/USN-3018-1

http://www.ubuntu.com/usn/USN-3018-2

http://www.ubuntu.com/usn/USN-3019-1

http://www.ubuntu.com/usn/USN-3020-1

http://www.ubuntu.com/usn/USN-3021-1

http://www.ubuntu.com/usn/USN-3021-2

https://bugzilla.redhat.com/show_bug.cgi?id=1335215

https://github.com/torvalds/linux/commit/9a47e9cff994f37f7f0dbd9ae23740d0f64f9fe6

https://github.com/torvalds/linux/commit/e4ec8cc8039a7063e24204299b462bd1383184a5

https://www.exploit-db.com/exploits/46529/

Details

Source: MITRE

Published: 2016-05-23

Updated: 2019-03-25

Type: CWE-200

Risk Information

CVSS v2.0

Base Score: 2.1

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 3.9

Severity: LOW

CVSS v3.0

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Impact Score: 3.6

Exploitability Score: 1.8

Severity: MEDIUM

Tenable Plugins

View all (40 total)

IDNameProductFamilySeverity
132134EulerOS 2.0 SP3 : kernel (EulerOS-SA-2019-2599)NessusHuawei Local Security Checks
high
131845EulerOS 2.0 SP2 : kernel (EulerOS-SA-2019-2353)NessusHuawei Local Security Checks
critical
125301EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1508)NessusHuawei Local Security Checks
high
125100EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1494)NessusHuawei Local Security Checks
high
99163OracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0057) (Dirty COW)NessusOracleVM Local Security Checks
critical
96903SUSE SLES11 Security Update : kernel (SUSE-SU-2017:0333-1)NessusSuSE Local Security Checks
critical
96073OracleVM 3.2 : Unbreakable / etc (OVMSA-2016-0181)NessusOracleVM Local Security Checks
critical
95841Scientific Linux Security Update : kernel on SL7.x x86_64 (20161103)NessusScientific Linux Local Security Checks
critical
95366OracleVM 3.2 : Unbreakable / etc (OVMSA-2016-0167)NessusOracleVM Local Security Checks
high
95321CentOS 7 : kernel (CESA-2016:2574)NessusCentOS Local Security Checks
critical
95046OracleVM 3.3 : Unbreakable / etc (OVMSA-2016-0163)NessusOracleVM Local Security Checks
medium
95045OracleVM 3.4 : Unbreakable / etc (OVMSA-2016-0162)NessusOracleVM Local Security Checks
high
95044Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2016-3646)NessusOracle Linux Local Security Checks
high
95043Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2016-3645)NessusOracle Linux Local Security Checks
medium
95042Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2016-3644)NessusOracle Linux Local Security Checks
high
94697Oracle Linux 7 : kernel (ELSA-2016-2574)NessusOracle Linux Local Security Checks
critical
94547RHEL 7 : kernel-rt (RHSA-2016:2584)NessusRed Hat Local Security Checks
critical
94537RHEL 7 : kernel (RHSA-2016:2574)NessusRed Hat Local Security Checks
critical
93445openSUSE Security Update : the Linux Kernel (openSUSE-2016-1076)NessusSuSE Local Security Checks
critical
93370SUSE SLES11 Security Update : kernel (SUSE-SU-2016:2245-1)NessusSuSE Local Security Checks
critical
93299SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2016:2105-1)NessusSuSE Local Security Checks
high
93216openSUSE Security Update : the Linux Kernel (openSUSE-2016-1029)NessusSuSE Local Security Checks
high
93165SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2016:1690-1)NessusSuSE Local Security Checks
high
93164SUSE SLES11 Security Update : kernel (SUSE-SU-2016:1672-1)NessusSuSE Local Security Checks
high
93104openSUSE Security Update : the Linux Kernel (openSUSE-2016-1015)NessusSuSE Local Security Checks
critical
91886Debian DSA-3607-1 : linux - security updateNessusDebian Local Security Checks
critical
91884Ubuntu 12.04 LTS : linux vulnerabilities (USN-3021-1)NessusUbuntu Local Security Checks
high
91883Ubuntu 14.04 LTS : linux-lts-vivid vulnerabilities (USN-3020-1)NessusUbuntu Local Security Checks
high
91882Ubuntu 14.04 LTS : linux-lts-utopic vulnerabilities (USN-3019-1)NessusUbuntu Local Security Checks
high
91881Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-3018-2)NessusUbuntu Local Security Checks
high
91880Ubuntu 14.04 LTS : linux vulnerabilities (USN-3018-1)NessusUbuntu Local Security Checks
high
91879Ubuntu 14.04 LTS : linux-lts-wily vulnerabilities (USN-3017-3)NessusUbuntu Local Security Checks
high
91878Ubuntu 15.10 : linux-raspi2 vulnerabilities (USN-3017-2)NessusUbuntu Local Security Checks
high
91877Ubuntu 15.10 : linux vulnerabilities (USN-3017-1)NessusUbuntu Local Security Checks
high
91876Ubuntu 14.04 LTS : linux-lts-xenial vulnerabilities (USN-3016-4)NessusUbuntu Local Security Checks
high
91875Ubuntu 16.04 LTS : linux-snapdragon vulnerabilities (USN-3016-3)NessusUbuntu Local Security Checks
high
91874Ubuntu 16.04 LTS : linux-raspi2 vulnerabilities (USN-3016-2)NessusUbuntu Local Security Checks
high
91873Ubuntu 16.04 LTS : linux vulnerabilities (USN-3016-1)NessusUbuntu Local Security Checks
high
91736openSUSE Security Update : the Linux Kernel (openSUSE-2016-753)NessusSuSE Local Security Checks
critical
91687Debian DLA-516-1 : linux security updateNessusDebian Local Security Checks
critical