CVE-2016-4578
Description
sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions.
Risk Information
Base Score
5.5
MODERATE
Vector
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
0.134
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Linux kernel (USN-3018-1) linux-image-3.13.0-91-generic_3.13.0-91.138_i386.deb | Linux |
| Linux kernel (USN-3018-1) linux-image-3.13.0-91-generic_3.13.0-91.138_amd64.deb | Linux |
| Linux kernel (USN-3018-1) linux-image-3.13.0-91-lowlatency_3.13.0-91.138_i386.deb | Linux |
| Linux kernel (USN-3018-1) linux-image-3.13.0-91-lowlatency_3.13.0-91.138_amd64.deb | Linux |
| Linux hardware enablement kernel from Trusty for Precise (USN-3018-2) linux-image-3.13.0-91-generic_3.13.0-91.138~precise1_i386.deb | Linux |
| Linux hardware enablement kernel from Trusty for Precise (USN-3018-2) linux-image-3.13.0-91-generic_3.13.0-91.138~precise1_amd64.deb | Linux |
| Linux kernel (USN-3021-1) linux-image-3.2.0-105-generic_3.2.0-105.146_i386.deb | Linux |
| Linux kernel (USN-3021-1) linux-image-3.2.0-105-generic_3.2.0-105.146_amd64.deb | Linux |
| Linux kernel (USN-3021-1) linux-image-3.2.0-105-generic-pae_3.2.0-105.146_i386.deb | Linux |
| Dtrace-modules-3.8.13-118.14.2.el6uek update (ELSA-2016-3645) dtrace-modules-3.8.13-118.14.2.el6uek-0.4.5-3.el6.x86_64.rpm | Linux |
| Dtrace-modules-3.8.13-118.14.2.el7uek update (ELSA-2016-3645) dtrace-modules-3.8.13-118.14.2.el7uek-0.4.5-3.el7.x86_64.rpm | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234