CVE-2016-4578 — MEDIUM (5.5)

Q: How severe is CVE-2016-4578?

CVE-2016-4578 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2016-4578?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Canonical Ubuntu Linux, Debian Debian Linux, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Server.

Vulnerability Description

sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions.

CVSS Score

5.5

MEDIUM

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Linux	Linux Kernel	<= 4.6
Canonical	Ubuntu Linux	12.04
Debian	Debian Linux	8.0
Redhat	Enterprise Linux Desktop	7.0
Redhat	Enterprise Linux Server	7.0
Redhat	Enterprise Linux Server Aus	7.3
Redhat	Enterprise Linux Server Eus	7.3
Redhat	Enterprise Linux Server Tus	7.3
Redhat	Enterprise Linux Workstation	7.0
Opensuse	Leap	42.1
Opensuse	Opensuse	13.1

Related Weaknesses (CWE)

CWE-200

References

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9a47e9Vendor Advisory
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e4ec8cVendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.htmlThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.htmlThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.htmlThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.htmlMailing ListThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-2574.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-2584.htmlThird Party Advisory
http://www.debian.org/security/2016/dsa-3607Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/05/11/5Mailing List
http://www.securityfocus.com/bid/90535Third Party AdvisoryVDB Entry
http://www.ubuntu.com/usn/USN-3016-1Third Party Advisory

FAQ

What is CVE-2016-4578?

CVE-2016-4578 is a vulnerability with a CVSS score of 5.5 (MEDIUM). sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which allows local users to obtain sensitive information from kernel stack memory via crafted use of ...

How severe is CVE-2016-4578?

CVE-2016-4578 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-4578?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Canonical Ubuntu Linux, Debian Debian Linux, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Server.