Return to CVE list

CVE-2007-4571

2.1

Low

CVE-2007-4571

26 Sep 2007

secalert@redhat.com

Modified

View on MITRE Find on GitHub

Description

The snd_mem_proc_read function in sound/core/memalloc.c in the Advanced Linux Sound Architecture (ALSA) in the Linux kernel before 2.6.22.8 does not return the correct write size, which allows local users to obtain sensitive information (kernel memory contents) via a small count argument, as demonstrated by multiple reads of /proc/driver/snd-page-alloc.

Exploits

306052007-09-21localLinux

Linux Kernel 2.6.x - ALSA snd-page-alloc Local Proc File Information Disclosure

By Karimo_DM

References

secalert@redhat.com

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ccec6e2c4a74adf76ed4e2478091a311b1806212

secalert@redhat.com

http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22.8

secalert@redhat.com

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=600

secalert@redhat.com

http://secunia.com/advisories/26918

secalert@redhat.com

http://secunia.com/advisories/26980

secalert@redhat.com

http://secunia.com/advisories/26989

secalert@redhat.com

http://secunia.com/advisories/27101

secalert@redhat.com

http://secunia.com/advisories/27227

secalert@redhat.com

http://secunia.com/advisories/27436

secalert@redhat.com

http://secunia.com/advisories/27747

secalert@redhat.com

http://secunia.com/advisories/27824

secalert@redhat.com

http://secunia.com/advisories/28626

secalert@redhat.com

http://secunia.com/advisories/29054

secalert@redhat.com

http://secunia.com/advisories/30769

secalert@redhat.com

http://support.avaya.com/elmodocs2/security/ASA-2007-474.htm

secalert@redhat.com

http://www.debian.org/security/2008/dsa-1479

secalert@redhat.com

http://www.debian.org/security/2008/dsa-1505

secalert@redhat.com

http://www.novell.com/linux/security/advisories/2007_53_kernel.html

secalert@redhat.com

http://www.redhat.com/support/errata/RHSA-2007-0939.html

secalert@redhat.com

http://www.redhat.com/support/errata/RHSA-2007-0993.html

secalert@redhat.com

http://www.securityfocus.com/bid/25807

secalert@redhat.com

http://www.securitytracker.com/id?1018734

secalert@redhat.com

http://www.ubuntu.com/usn/usn-618-1

secalert@redhat.com

http://www.vupen.com/english/advisories/2007/3272

secalert@redhat.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/36780

secalert@redhat.com

https://issues.rpath.com/browse/RPL-1761

secalert@redhat.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9053

secalert@redhat.com

https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00083.html

secalert@redhat.com

https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00436.html

af854a3a-2127-422b-91ae-364da2661108

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ccec6e2c4a74adf76ed4e2478091a311b1806212

af854a3a-2127-422b-91ae-364da2661108

http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22.8

af854a3a-2127-422b-91ae-364da2661108

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=600

af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/26918

af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/26980

af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/26989

af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/27101

af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/27227

af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/27436

af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/27747

af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/27824

af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/28626

af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/29054

af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/30769

af854a3a-2127-422b-91ae-364da2661108

http://support.avaya.com/elmodocs2/security/ASA-2007-474.htm

af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2008/dsa-1479

af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2008/dsa-1505

af854a3a-2127-422b-91ae-364da2661108

http://www.novell.com/linux/security/advisories/2007_53_kernel.html

af854a3a-2127-422b-91ae-364da2661108

http://www.redhat.com/support/errata/RHSA-2007-0939.html

af854a3a-2127-422b-91ae-364da2661108

http://www.redhat.com/support/errata/RHSA-2007-0993.html

af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/25807

af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id?1018734

af854a3a-2127-422b-91ae-364da2661108

http://www.ubuntu.com/usn/usn-618-1

af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2007/3272

af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/36780

af854a3a-2127-422b-91ae-364da2661108

https://issues.rpath.com/browse/RPL-1761

af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9053

af854a3a-2127-422b-91ae-364da2661108

https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00083.html

af854a3a-2127-422b-91ae-364da2661108

https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00436.html