Vulnerability Details : CVE-2016-4578
sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions.
Vulnerability category: Information leak
Products affected by CVE-2016-4578
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
- cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-4578
0.12%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 46 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-4578
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.1
|
LOW | AV:L/AC:L/Au:N/C:P/I:N/A:N |
3.9
|
2.9
|
NIST | |
5.5
|
MEDIUM | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
1.8
|
3.6
|
NIST |
CWE ids for CVE-2016-4578
-
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-4578
-
http://www.securityfocus.com/bid/90535
Linux Kernel CVE-2016-4578 Multiple Local Information Disclosure VulnerabilitiesThird Party Advisory;VDB Entry
-
http://www.ubuntu.com/usn/USN-3019-1
USN-3019-1: Linux kernel (Utopic HWE) vulnerabilities | Ubuntu security noticesThird Party Advisory
-
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9a47e9cff994f37f7f0dbd9ae23740d0f64f9fe6
kernel/git/torvalds/linux.git - Linux kernel source treeVendor Advisory
-
http://www.ubuntu.com/usn/USN-3016-4
USN-3016-4: Linux kernel (Xenial HWE) vulnerabilities | Ubuntu security noticesThird Party Advisory
-
http://www.ubuntu.com/usn/USN-3020-1
USN-3020-1: Linux kernel (Vivid HWE) vulnerabilities | Ubuntu security noticesThird Party Advisory
-
http://www.ubuntu.com/usn/USN-3017-2
USN-3017-2: Linux kernel (Raspberry Pi 2) vulnerabilities | Ubuntu security noticesThird Party Advisory
-
http://rhn.redhat.com/errata/RHSA-2016-2574.html
RHSA-2016:2574 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html
[security-announce] SUSE-SU-2016:1672-1: important: Security update forThird Party Advisory
-
http://www.ubuntu.com/usn/USN-3016-1
USN-3016-1: Linux kernel vulnerabilities | Ubuntu security noticesThird Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html
[security-announce] SUSE-SU-2016:1690-1: important: Security update forThird Party Advisory
-
https://bugzilla.redhat.com/show_bug.cgi?id=1335215
1335215 – (CVE-2016-4578) CVE-2016-4578 kernel: Information leak in events in timer.cIssue Tracking;Third Party Advisory;VDB Entry
-
https://github.com/torvalds/linux/commit/e4ec8cc8039a7063e24204299b462bd1383184a5
ALSA: timer: Fix leak in events via snd_timer_user_tinterrupt · torvalds/linux@e4ec8cc · GitHubVendor Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html
[security-announce] SUSE-SU-2016:1937-1: important: Security update forThird Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html
[security-announce] openSUSE-SU-2016:1641-1: important: Security updateMailing List;Third Party Advisory
-
http://www.ubuntu.com/usn/USN-3016-3
USN-3016-3: Linux kernel (Qualcomm Snapdragon) vulnerabilities | Ubuntu security noticesThird Party Advisory
-
http://www.ubuntu.com/usn/USN-3021-1
USN-3021-1: Linux kernel vulnerabilities | Ubuntu security noticesThird Party Advisory
-
http://www.ubuntu.com/usn/USN-3021-2
USN-3021-2: Linux kernel (OMAP4) vulnerabilities | Ubuntu security noticesThird Party Advisory
-
http://www.ubuntu.com/usn/USN-3017-3
USN-3017-3: Linux kernel (Wily HWE) vulnerabilities | Ubuntu security noticesThird Party Advisory
-
https://github.com/torvalds/linux/commit/9a47e9cff994f37f7f0dbd9ae23740d0f64f9fe6
ALSA: timer: Fix leak in events via snd_timer_user_ccallback · torvalds/linux@9a47e9c · GitHubVendor Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html
[security-announce] SUSE-SU-2016:2105-1: important: Security update forMailing List;Third Party Advisory
-
https://www.exploit-db.com/exploits/46529/
Linux Kernel 4.4 (Ubuntu 16.04) - 'snd_timer_user_ccallback()' Kernel Pointer LeakExploit;VDB Entry;Third Party Advisory
-
http://www.ubuntu.com/usn/USN-3018-1
USN-3018-1: Linux kernel vulnerabilities | Ubuntu security noticesThird Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html
[security-announce] SUSE-SU-2016:1985-1: important: Security update forMailing List;Third Party Advisory
-
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e4ec8cc8039a7063e24204299b462bd1383184a5
kernel/git/torvalds/linux.git - Linux kernel source treeVendor Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html
[security-announce] openSUSE-SU-2016:2184-1: important: Security updateMailing List;Third Party Advisory
-
http://rhn.redhat.com/errata/RHSA-2016-2584.html
RHSA-2016:2584 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://www.debian.org/security/2016/dsa-3607
Debian -- Security Information -- DSA-3607-1 linuxThird Party Advisory
-
http://www.openwall.com/lists/oss-security/2016/05/11/5
oss-security - Re: CVE Request: alsa: kernel information leak vulnerability in Linux sound/core/timerMailing List
-
http://www.ubuntu.com/usn/USN-3017-1
USN-3017-1: Linux kernel vulnerabilities | Ubuntu security noticesThird Party Advisory
-
http://www.ubuntu.com/usn/USN-3018-2
USN-3018-2: Linux kernel (Trusty HWE) vulnerabilities | Ubuntu security noticesThird Party Advisory
-
http://www.ubuntu.com/usn/USN-3016-2
USN-3016-2: Linux kernel (Raspberry Pi 2) vulnerabilities | Ubuntu security noticesThird Party Advisory
Jump to