CVE - CVE-2007-4571

CVE-ID
CVE-2007-4571	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The snd_mem_proc_read function in sound/core/memalloc.c in the Advanced Linux Sound Architecture (ALSA) in the Linux kernel before 2.6.22.8 does not return the correct write size, which allows local users to obtain sensitive information (kernel memory contents) via a small count argument, as demonstrated by multiple reads of /proc/driver/snd-page-alloc.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:1018734 URL:http://www.securitytracker.com/id?1018734 MISC:20070925 Linux Kernel ALSA snd_mem_proc_read Information Disclosure Vulnerability URL:http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=600 MISC:25807 URL:http://www.securityfocus.com/bid/25807 MISC:26918 URL:http://secunia.com/advisories/26918 MISC:26980 URL:http://secunia.com/advisories/26980 MISC:26989 URL:http://secunia.com/advisories/26989 MISC:27101 URL:http://secunia.com/advisories/27101 MISC:27227 URL:http://secunia.com/advisories/27227 MISC:27436 URL:http://secunia.com/advisories/27436 MISC:27747 URL:http://secunia.com/advisories/27747 MISC:27824 URL:http://secunia.com/advisories/27824 MISC:28626 URL:http://secunia.com/advisories/28626 MISC:29054 URL:http://secunia.com/advisories/29054 MISC:30769 URL:http://secunia.com/advisories/30769 MISC:ADV-2007-3272 URL:~~http://www.vupen.com/english/advisories/2007/3272~~ (Obsolete source) MISC:DSA-1479 URL:http://www.debian.org/security/2008/dsa-1479 MISC:DSA-1505 URL:http://www.debian.org/security/2008/dsa-1505 MISC:FEDORA-2007-2349 URL:https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00436.html MISC:FEDORA-2007-714 URL:https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00083.html MISC:RHSA-2007:0939 URL:http://www.redhat.com/support/errata/RHSA-2007-0939.html MISC:RHSA-2007:0993 URL:http://www.redhat.com/support/errata/RHSA-2007-0993.html MISC:SUSE-SA:2007:053 URL:http://www.novell.com/linux/security/advisories/2007_53_kernel.html MISC:USN-618-1 URL:http://www.ubuntu.com/usn/usn-618-1 MISC:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ccec6e2c4a74adf76ed4e2478091a311b1806212 URL:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ccec6e2c4a74adf76ed4e2478091a311b1806212 MISC:http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22.8 URL:http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22.8 MISC:http://support.avaya.com/elmodocs2/security/ASA-2007-474.htm URL:http://support.avaya.com/elmodocs2/security/ASA-2007-474.htm MISC:https://issues.rpath.com/browse/RPL-1761 URL:https://issues.rpath.com/browse/RPL-1761 MISC:linux-sndpagealloc-information-disclosure(36780) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/36780 MISC:oval:org.mitre.oval:def:9053 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9053
Assigning CNA
Red Hat, Inc.
Date Record Created
20070828	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20070828)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)

Use of the CVE® List and the associated references from this website are subject to the terms of use. CVE is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA). Copyright © 1999–2024, The MITRE Corporation. CVE and the CVE logo are registered trademarks of The MITRE Corporation.