CVE-2016-4569

MEDIUM

Linux Kernel < 4.6 - Information Disclosure

Title source: rule

Description

The snd_timer_user_params function in sound/core/timer.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface.

References (29)

[Vendor Advisory] http://rhn.redhat.com/errata/RHSA-2016-2574.html

[Vendor Advisory] http://rhn.redhat.com/errata/RHSA-2016-2584.html

[Vendor Advisory] http://www.ubuntu.com/usn/USN-3018-2

[Vendor Advisory] http://www.ubuntu.com/usn/USN-3019-1

[Vendor Advisory] http://www.ubuntu.com/usn/USN-3020-1

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html

[Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html

[Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html

[Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html

[Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/90347

[Vendor Advisory] http://www.ubuntu.com/usn/USN-3016-1

[Vendor Advisory] http://www.ubuntu.com/usn/USN-3016-2

[Vendor Advisory] http://www.ubuntu.com/usn/USN-3016-3

[Vendor Advisory] http://www.ubuntu.com/usn/USN-3016-4

[Vendor Advisory] http://www.ubuntu.com/usn/USN-3017-1

[Vendor Advisory] http://www.ubuntu.com/usn/USN-3017-2

... and 9 more

Scores

CVSS v3 5.5

EPSS 0.0033

EPSS Percentile 55.9%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-200

Status draft

Affected Products (20)

linux/linux_kernel < 4.6

canonical/ubuntu_linux

canonical/ubuntu_linux

canonical/ubuntu_linux

canonical/ubuntu_linux

novell/suse_linux_enterprise_software_development_kit

novell/suse_linux_enterprise_software_development_kit

novell/suse_linux_enterprise_software_development_kit

novell/suse_linux_enterprise_debuginfo

novell/suse_linux_enterprise_desktop

novell/suse_linux_enterprise_desktop

novell/suse_linux_enterprise_live_patching

novell/suse_linux_enterprise_module_for_public_cloud

novell/suse_linux_enterprise_real_time_extension

novell/suse_linux_enterprise_server

... and 5 more

Timeline

Published May 23, 2016

Tracked Since Feb 18, 2026