[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

249966

 
 

909

 
 

195636

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2007-4571Date: (C)2007-09-26   (M)2023-12-22


The snd_mem_proc_read function in sound/core/memalloc.c in the Advanced Linux Sound Architecture (ALSA) in the Linux kernel before 2.6.22.8 does not return the correct write size, which allows local users to obtain sensitive information (kernel memory contents) via a small count argument, as demonstrated by multiple reads of /proc/driver/snd-page-alloc.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 2.1
Exploit Score: 3.9
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
  
Reference:
SECTRACK-1018734
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=600
BID-25807
SECUNIA-26918
SECUNIA-26980
SECUNIA-26989
SECUNIA-27101
SECUNIA-27227
SECUNIA-27436
SECUNIA-27747
SECUNIA-27824
SECUNIA-28626
SECUNIA-29054
SECUNIA-30769
ADV-2007-3272
DSA-1479
DSA-1505
FEDORA-2007-2349
FEDORA-2007-714
RHSA-2007:0939
RHSA-2007:0993
SUSE-SA:2007:053
USN-618-1
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ccec6e2c4a74adf76ed4e2478091a311b1806212
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22.8
http://support.avaya.com/elmodocs2/security/ASA-2007-474.htm
https://issues.rpath.com/browse/RPL-1761
linux-sndpagealloc-information-disclosure(36780)
oval:org.mitre.oval:def:9053

OVAL    2
oval:org.mitre.oval:def:7957
oval:org.mitre.oval:def:7654

© SecPod Technologies