Definition
New Search
The snd_mem_proc_read function in sound/core/memalloc.c in the Advanced Linux Sound Architecture (ALSA) in the Linux kernel before 2.6.22.8 does not return the correct write size which allows local users to obtain sensitive information (kernel memory contents) via a small count argument as demonstrated by multiple reads of /proc/driver/snd-page-alloc.
oval:org.mitre.oval:def:9053
The snd_mem_proc_read function in sound/core/memalloc.c in the Advanced Linux Sound Architecture (ALSA) in the Linux kernel before 2.6.22.8 does not return the correct write size which allows local users to obtain sensitive information (kernel memory contents) via a small count argument as demonstrated by multiple reads of /proc/driver/snd-page-alloc.
Family:
unix
Status:
ACCEPTED
Platform(s):
- CentOS Linux 5
- CentOS Linux 4
- Oracle Linux 5
- Red Hat Enterprise Linux 5
- Red Hat Enterprise Linux 4
- Oracle Linux 4
Class:
vulnerability
Reference(s):
- CVE-2007-4571
Product(s):