Lucene search

[email protected]CVE-2007-4571

HistorySep 26, 2007 - 10:17 a.m.

CVE-2007-4571

2007-09-2610:17:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2007-4571

linux kernel

sound architecture

alsa

security vulnerability

nvd

5.1 Medium

AI Score

Confidence

Low

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

0.4%

JSON

The snd_mem_proc_read function in sound/core/memalloc.c in the Advanced Linux Sound Architecture (ALSA) in the Linux kernel before 2.6.22.8 does not return the correct write size, which allows local users to obtain sensitive information (kernel memory contents) via a small count argument, as demonstrated by multiple reads of /proc/driver/snd-page-alloc.

CPENameOperatorVersion
linux:linux_kernellinux linux kernelle2.6.22.7

CPE	Name	Operator	Version
linux:linux_kernel	linux linux kernel	le	2.6.22.7

References

git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ccec6e2c4a74adf76ed4e2478091a311b1806212

kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22.8

labs.idefense.com/intelligence/vulnerabilities/display.php?id=600

secunia.com/advisories/26918

secunia.com/advisories/26980

secunia.com/advisories/26989

secunia.com/advisories/27101

secunia.com/advisories/27227

secunia.com/advisories/27436

secunia.com/advisories/27747

secunia.com/advisories/27824

secunia.com/advisories/28626

secunia.com/advisories/29054

secunia.com/advisories/30769

support.avaya.com/elmodocs2/security/ASA-2007-474.htm

www.debian.org/security/2008/dsa-1479

www.debian.org/security/2008/dsa-1505

www.novell.com/linux/security/advisories/2007_53_kernel.html

www.redhat.com/support/errata/RHSA-2007-0939.html

www.redhat.com/support/errata/RHSA-2007-0993.html

www.securityfocus.com/bid/25807

www.securitytracker.com/id?1018734

www.ubuntu.com/usn/usn-618-1

www.vupen.com/english/advisories/2007/3272

exchange.xforce.ibmcloud.com/vulnerabilities/36780

issues.rpath.com/browse/RPL-1761

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9053

www.redhat.com/archives/fedora-package-announce/2007-October/msg00083.html

www.redhat.com/archives/fedora-package-announce/2007-September/msg00436.html

5.1 Medium

AI Score

Confidence

Low

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

0.4%

JSON

Related for CVE-2007-4571

seebug2 osv2 ubuntucve1 prion1 openvas15 securityvulns1 nessus17 fedora2 veracode1 exploitpack1 debian2 exploitdb1 oraclelinux2 redhat2 ubuntu1 centos1 suse1