AI Score: 5.4 Medium (Confidence: Low)
CVSS2: 2.1 Low
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
EPSS: 0.0004 Low (Percentile: 0.4%)
The snd_mem_proc_read function in sound/core/memalloc.c in the Advanced Linux Sound Architecture (ALSA) in the Linux kernel before 2.6.22.8 does not return the correct write size, which allows local users to obtain sensitive information (kernel memory contents) via a small count argument, as demonstrated by multiple reads of /proc/driver/snd-page-alloc.
CPE
Name | Operator | Version |
---|---|---|
linux_kernel | le | 2.6.22.7 |
git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ccec6e2c4a74adf76ed4e2478091a311b1806212
kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22.8
labs.idefense.com/intelligence/vulnerabilities/display.php?id=600
secunia.com/advisories/26918
secunia.com/advisories/26980
secunia.com/advisories/26989
secunia.com/advisories/27101
secunia.com/advisories/27227
secunia.com/advisories/27436
secunia.com/advisories/27747
secunia.com/advisories/27824
secunia.com/advisories/28626
secunia.com/advisories/29054
secunia.com/advisories/30769
support.avaya.com/elmodocs2/security/ASA-2007-474.htm
www.debian.org/security/2008/dsa-1479
www.debian.org/security/2008/dsa-1505
www.novell.com/linux/security/advisories/2007_53_kernel.html
www.redhat.com/support/errata/RHSA-2007-0939.html
www.redhat.com/support/errata/RHSA-2007-0993.html
www.securityfocus.com/bid/25807
www.securitytracker.com/id?1018734
www.ubuntu.com/usn/usn-618-1
www.vupen.com/english/advisories/2007/3272
exchange.xforce.ibmcloud.com/vulnerabilities/36780
issues.rpath.com/browse/RPL-1761
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9053
www.redhat.com/archives/fedora-package-announce/2007-October/msg00083.html
www.redhat.com/archives/fedora-package-announce/2007-September/msg00436.html