CVE-2007-4571

The snd_mem_proc_read function in sound/core/memalloc.c in the Advanced Linux Sound Architecture (ALSA) in the Linux kernel before 2.6.22.8 does not return the correct write size, which allows local users to obtain sensitive information (kernel memory contents) via a small count argument, as demonstrated by multiple reads of /proc/driver/snd-page-alloc.
References
Link Resource
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=600
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22.8
https://issues.rpath.com/browse/RPL-1761
http://support.avaya.com/elmodocs2/security/ASA-2007-474.htm
https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00436.html
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00083.html
http://www.redhat.com/support/errata/RHSA-2007-0939.html
http://www.redhat.com/support/errata/RHSA-2007-0993.html
http://www.novell.com/linux/security/advisories/2007_53_kernel.html
http://www.securityfocus.com/bid/25807
http://www.securitytracker.com/id?1018734
http://secunia.com/advisories/26918
http://secunia.com/advisories/26989
http://secunia.com/advisories/26980
http://secunia.com/advisories/27101
http://secunia.com/advisories/27436
http://secunia.com/advisories/27227
http://secunia.com/advisories/27747
http://secunia.com/advisories/27824
http://www.debian.org/security/2008/dsa-1479
http://secunia.com/advisories/28626
http://www.debian.org/security/2008/dsa-1505
http://secunia.com/advisories/29054
http://secunia.com/advisories/30769
http://www.ubuntu.com/usn/usn-618-1
http://www.vupen.com/english/advisories/2007/3272
https://exchange.xforce.ibmcloud.com/vulnerabilities/36780
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9053
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ccec6e2c4a74adf76ed4e2478091a311b1806212
Configurations

Configuration 1

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Information

Published : 2007-09-26 10:17

Updated : 2023-02-13 02:18


NVD link : CVE-2007-4571

Mitre link : CVE-2007-4571

Products Affected
No products.