5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
0.0004 Low
EPSS
Percentile
9.6%
sound/core/timer.c in the Linux kernel through 4.6 does not initialize
certain r1 data structures, which allows local users to obtain sensitive
information from kernel stack memory via crafted use of the ALSA timer
interface, related to the (1) snd_timer_user_ccallback and (2)
snd_timer_user_tinterrupt functions.
Author | Note |
---|---|
jdstrand | android kernels (flo, goldfish, grouper, maguro, mako and manta) are not supported on the Ubuntu Touch 14.10 and earlier preview kernels linux-lts-saucy no longer receives official support linux-lts-quantal no longer receives official support |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 12.04 | noarch | linux | <Β 3.2.0-105.146 | UNKNOWN |
ubuntu | 14.04 | noarch | linux | <Β 3.13.0-91.138 | UNKNOWN |
ubuntu | 15.10 | noarch | linux | <Β 4.2.0-41.48 | UNKNOWN |
ubuntu | 16.04 | noarch | linux | <Β 4.4.0-28.47 | UNKNOWN |
ubuntu | 12.04 | noarch | linux-armadaxp | <Β 3.2.0-1668.93 | UNKNOWN |
ubuntu | 12.04 | noarch | linux-lts-trusty | <Β 3.13.0-91.138~precise1 | UNKNOWN |
ubuntu | 14.04 | noarch | linux-lts-utopic | <Β 3.16.0-76.98~14.04.1 | UNKNOWN |
ubuntu | 14.04 | noarch | linux-lts-vivid | <Β 3.19.0-64.72~14.04.1 | UNKNOWN |
ubuntu | 14.04 | noarch | linux-lts-wily | <Β 4.2.0-41.48~14.04.1 | UNKNOWN |
ubuntu | 14.04 | noarch | linux-lts-xenial | <Β 4.4.0-28.47~14.04.1 | UNKNOWN |
git.kernel.org/cgit/linux/kernel/git/tiwai/sound.git/commit/?h=for-next&id=9a47e9cff994f37f7f0dbd9ae23740d0f64f9fe6
git.kernel.org/cgit/linux/kernel/git/tiwai/sound.git/commit/?h=for-next&id=e4ec8cc8039a7063e24204299b462bd1383184a5
launchpad.net/bugs/cve/CVE-2016-4578
nvd.nist.gov/vuln/detail/CVE-2016-4578
security-tracker.debian.org/tracker/CVE-2016-4578
ubuntu.com/security/notices/USN-3016-1
ubuntu.com/security/notices/USN-3016-2
ubuntu.com/security/notices/USN-3016-3
ubuntu.com/security/notices/USN-3016-4
ubuntu.com/security/notices/USN-3017-1
ubuntu.com/security/notices/USN-3017-2
ubuntu.com/security/notices/USN-3017-3
ubuntu.com/security/notices/USN-3018-1
ubuntu.com/security/notices/USN-3018-2
ubuntu.com/security/notices/USN-3019-1
ubuntu.com/security/notices/USN-3020-1
ubuntu.com/security/notices/USN-3021-1
ubuntu.com/security/notices/USN-3021-2
www.cve.org/CVERecord?id=CVE-2016-4578
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
0.0004 Low
EPSS
Percentile
9.6%