CVE-2016-4578

Published: May 23, 2016Modified: May 6, 2026

5.5

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions.

Affected (20)

Products: Linux: Linux Kernel · Canonical: Ubuntu Linux · Debian: Debian Linux · +2 more

Show all products

Linux: Linux Kernel · Canonical: Ubuntu Linux · Debian: Debian Linux · Redhat: Enterprise Linux Desktop, Enterprise Linux Server, Enterprise Linux Server Aus, Enterprise Linux Server Eus, Enterprise Linux Server Tus, Enterprise Linux Workstation · Opensuse: Leap, Opensuse

1 product

1 product

1 product

6 products

Enterprise Linux Desktop

Enterprise Linux Server

Enterprise Linux Server Aus

Enterprise Linux Server Eus

Enterprise Linux Server Tus

Enterprise Linux Workstation

Opensuse

2 products

Leap

Opensuse

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	Up to 4.6

Configuration B

4 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 12.04
Canonical Ubuntu Linux	Version 14.04
Canonical Ubuntu Linux	Version 15.10
Canonical Ubuntu Linux	Version 16.04

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 8.0

Configuration D

12 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux Desktop	Version 7.0
Redhat Enterprise Linux Server	Version 7.0
Redhat Enterprise Linux Server Aus	Version 7.3
Redhat Enterprise Linux Server Aus	Version 7.4
Redhat Enterprise Linux Server Aus	Version 7.6
Redhat Enterprise Linux Server Eus	Version 7.3
Redhat Enterprise Linux Server Eus	Version 7.4
Redhat Enterprise Linux Server Eus	Version 7.5
Redhat Enterprise Linux Server Eus	Version 7.6
Redhat Enterprise Linux Server Tus	Version 7.3
Redhat Enterprise Linux Server Tus	Version 7.6
Redhat Enterprise Linux Workstation	Version 7.0

Configuration E

2 vulnerable

Vulnerable Software	Affected Versions
Opensuse Leap	Version 42.1
Opensuse Opensuse	Version 13.1

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (62)

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9a47e9cff994f37f7f0dbd9ae23740d0f64f9fe6

Source: cve@mitre.org

Vendor Advisory

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e4ec8cc8039a7063e24204299b462bd1383184a5

Source: cve@mitre.org

Vendor Advisory

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html

Source: cve@mitre.org

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html

Source: cve@mitre.org

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html

Source: cve@mitre.org

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://rhn.redhat.com/errata/RHSA-2016-2574.html

Source: cve@mitre.org

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2016-2584.html

Source: cve@mitre.org

Third Party Advisory

http://www.debian.org/security/2016/dsa-3607

Source: cve@mitre.org

Third Party Advisory

http://www.openwall.com/lists/oss-security/2016/05/11/5

Source: cve@mitre.org

Mailing List

http://www.securityfocus.com/bid/90535

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://www.ubuntu.com/usn/USN-3016-1

Source: cve@mitre.org

Third Party Advisory

http://www.ubuntu.com/usn/USN-3016-2

Source: cve@mitre.org

Third Party Advisory

http://www.ubuntu.com/usn/USN-3016-3

Source: cve@mitre.org

Third Party Advisory

http://www.ubuntu.com/usn/USN-3016-4

Source: cve@mitre.org

Third Party Advisory

http://www.ubuntu.com/usn/USN-3017-1

Source: cve@mitre.org

Third Party Advisory

http://www.ubuntu.com/usn/USN-3017-2

Source: cve@mitre.org

Third Party Advisory

http://www.ubuntu.com/usn/USN-3017-3

Source: cve@mitre.org

Third Party Advisory

http://www.ubuntu.com/usn/USN-3018-1

Source: cve@mitre.org

Third Party Advisory

http://www.ubuntu.com/usn/USN-3018-2

Source: cve@mitre.org

Third Party Advisory

http://www.ubuntu.com/usn/USN-3019-1

Source: cve@mitre.org

Third Party Advisory

http://www.ubuntu.com/usn/USN-3020-1

Source: cve@mitre.org

Third Party Advisory

http://www.ubuntu.com/usn/USN-3021-1

Source: cve@mitre.org

Third Party Advisory

http://www.ubuntu.com/usn/USN-3021-2

Source: cve@mitre.org

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1335215

Source: cve@mitre.org

Issue TrackingThird Party AdvisoryVDB Entry

https://github.com/torvalds/linux/commit/9a47e9cff994f37f7f0dbd9ae23740d0f64f9fe6

Source: cve@mitre.org

Vendor Advisory

https://github.com/torvalds/linux/commit/e4ec8cc8039a7063e24204299b462bd1383184a5

Source: cve@mitre.org

Vendor Advisory

https://www.exploit-db.com/exploits/46529/

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9a47e9cff994f37f7f0dbd9ae23740d0f64f9fe6