CVE-2016-4569
Description
The snd_timer_user_params function in sound/core/timer.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface.
Risk Information
Base Score
5.5
MODERATE
Vector
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
0.344
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Linux kernel (USN-3018-1) linux-image-3.13.0-91-generic_3.13.0-91.138_i386.deb | Linux |
| Linux kernel (USN-3018-1) linux-image-3.13.0-91-generic_3.13.0-91.138_amd64.deb | Linux |
| Linux kernel (USN-3018-1) linux-image-3.13.0-91-lowlatency_3.13.0-91.138_i386.deb | Linux |
| Linux kernel (USN-3018-1) linux-image-3.13.0-91-lowlatency_3.13.0-91.138_amd64.deb | Linux |
| Linux hardware enablement kernel from Trusty for Precise (USN-3018-2) linux-image-3.13.0-91-generic_3.13.0-91.138~precise1_i386.deb | Linux |
| Linux hardware enablement kernel from Trusty for Precise (USN-3018-2) linux-image-3.13.0-91-generic_3.13.0-91.138~precise1_amd64.deb | Linux |
| Linux kernel (USN-3021-1) linux-image-3.2.0-105-generic_3.2.0-105.146_i386.deb | Linux |
| Linux kernel (USN-3021-1) linux-image-3.2.0-105-generic_3.2.0-105.146_amd64.deb | Linux |
| Linux kernel (USN-3021-1) linux-image-3.2.0-105-generic-pae_3.2.0-105.146_i386.deb | Linux |
| Dtrace-modules-3.8.13-118.14.2.el6uek update (ELSA-2016-3645) dtrace-modules-3.8.13-118.14.2.el6uek-0.4.5-3.el6.x86_64.rpm | Linux |
| Dtrace-modules-3.8.13-118.14.2.el7uek update (ELSA-2016-3645) dtrace-modules-3.8.13-118.14.2.el7uek-0.4.5-3.el7.x86_64.rpm | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234