Candidate: CVE-2007-4571
References:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=ccec6e2c4a74adf76ed4e2478091a311b1806212
http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.22.y.git;a=commitdiff;h=788450fa451454cc8ff3593b4f9fdb653c296583
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22.8
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=600
Description:
The snd_mem_proc_read function in sound/core/memalloc.c in the Advanced Linux
Sound Architecture (ALSA) in the Linux kernel before 2.6.22.8 does not return
the correct write size, which allows local users to obtain sensitive
information (kernel memory contents) via a small count argument, as
demonstrated by multiple reads of /proc/driver/snd-page-alloc.
Ubuntu-Description:
It was discovered that the ALSA /proc interface did not write the
correct number of bytes when reporting memory allocations. A local
attacker might be able to access sensitive kernel memory, leading to
a loss of privacy.
Notes:
dannf> ABI changer, was reverted from etch-security (r9547)
Bugs:
upstream: released (2.6.22.8)
linux-2.6: released (2.6.22-5)
2.6.18-etch-security: released (2.6.18.dfsg.1-17etch1) [bugfix/proc-snd-page-alloc-mem-leak.patch]
2.6.8-sarge-security: N/A "cannot reproduce w/ ALSA in 2.6.8, alsa-driver package was affected/fixed in DSA 1505"
2.4.27-sarge-security: N/A "alsa-driver package was affected/fixed in DSA 1505"
2.6.15-dapper-security: released (2.6.15-52.67)
2.6.17-edgy-security: ignored (EOL)
2.6.20-feisty-security: released (2.6.20-17.36)
2.6.22-gutsy-security: N/A
2.6.24-hardy-security: N/A