Candidate: CVE-2007-4571
References: 
 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=ccec6e2c4a74adf76ed4e2478091a311b1806212 
 http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.22.y.git;a=commitdiff;h=788450fa451454cc8ff3593b4f9fdb653c296583
 http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22.8
 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=600
Description: 
 The snd_mem_proc_read function in sound/core/memalloc.c in the Advanced Linux
 Sound Architecture (ALSA) in the Linux kernel before 2.6.22.8 does not return
 the correct write size, which allows local users to obtain sensitive
 information (kernel memory contents) via a small count argument, as
 demonstrated by multiple reads of /proc/driver/snd-page-alloc. 
Ubuntu-Description: 
 It was discovered that the ALSA /proc interface did not write the
 correct number of bytes when reporting memory allocations.  A local
 attacker might be able to access sensitive kernel memory, leading to
 a loss of privacy.
Notes: 
 dannf> ABI changer, was reverted from etch-security (r9547)
Bugs: 
upstream: released (2.6.22.8)
linux-2.6: released (2.6.22-5)
2.6.18-etch-security: released (2.6.18.dfsg.1-17etch1) [bugfix/proc-snd-page-alloc-mem-leak.patch]
2.6.8-sarge-security: N/A "cannot reproduce w/ ALSA in 2.6.8, alsa-driver package was affected/fixed in DSA 1505"
2.4.27-sarge-security: N/A "alsa-driver package was affected/fixed in DSA 1505"
2.6.15-dapper-security: released (2.6.15-52.67)
2.6.17-edgy-security: ignored (EOL)
2.6.20-feisty-security: released (2.6.20-17.36)
2.6.22-gutsy-security: N/A
2.6.24-hardy-security: N/A