CVE-2007-4571

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2007-4571
The snd_mem_proc_read function in sound/core/memalloc.c in the Advanced Linux Sound Architecture (ALSA) in the Linux kernel before 2.6.22.8 does not return the correct write size, which allows local users to obtain sensitive information (kernel memory contents) via a small count argument, as demonstrated by multiple reads of /proc/driver/snd-page-alloc.

2.1 /10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References
Link Resource
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ccec6e2c4a74adf76ed4e2478091a311b1806212
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22.8
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=600
http://secunia.com/advisories/26918
http://secunia.com/advisories/26980
http://secunia.com/advisories/26989
http://secunia.com/advisories/27101
http://secunia.com/advisories/27227
http://secunia.com/advisories/27436
http://secunia.com/advisories/27747
http://secunia.com/advisories/27824
http://secunia.com/advisories/28626
http://secunia.com/advisories/29054
http://secunia.com/advisories/30769
http://support.avaya.com/elmodocs2/security/ASA-2007-474.htm
http://www.debian.org/security/2008/dsa-1479
http://www.debian.org/security/2008/dsa-1505
http://www.novell.com/linux/security/advisories/2007_53_kernel.html
http://www.redhat.com/support/errata/RHSA-2007-0939.html
http://www.redhat.com/support/errata/RHSA-2007-0993.html
http://www.securityfocus.com/bid/25807
http://www.securitytracker.com/id?1018734
http://www.ubuntu.com/usn/usn-618-1
http://www.vupen.com/english/advisories/2007/3272
https://exchange.xforce.ibmcloud.com/vulnerabilities/36780
https://issues.rpath.com/browse/RPL-1761
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9053
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00083.html
https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00436.html
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ccec6e2c4a74adf76ed4e2478091a311b1806212
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22.8
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=600
http://secunia.com/advisories/26918
http://secunia.com/advisories/26980
http://secunia.com/advisories/26989
http://secunia.com/advisories/27101
http://secunia.com/advisories/27227
http://secunia.com/advisories/27436
http://secunia.com/advisories/27747
http://secunia.com/advisories/27824
http://secunia.com/advisories/28626
http://secunia.com/advisories/29054
http://secunia.com/advisories/30769
http://support.avaya.com/elmodocs2/security/ASA-2007-474.htm
http://www.debian.org/security/2008/dsa-1479
http://www.debian.org/security/2008/dsa-1505
http://www.novell.com/linux/security/advisories/2007_53_kernel.html
http://www.redhat.com/support/errata/RHSA-2007-0939.html
http://www.redhat.com/support/errata/RHSA-2007-0993.html
http://www.securityfocus.com/bid/25807
http://www.securitytracker.com/id?1018734
http://www.ubuntu.com/usn/usn-618-1
http://www.vupen.com/english/advisories/2007/3272
https://exchange.xforce.ibmcloud.com/vulnerabilities/36780
https://issues.rpath.com/browse/RPL-1761
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9053
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00083.html
https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00436.html
Configurations

Configuration 1 (hide)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
History

21 Nov 2024, 00:35

Type Values Removed Values Added
References () http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ccec6e2c4a74adf76ed4e2478091a311b1806212 - () http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ccec6e2c4a74adf76ed4e2478091a311b1806212 -
References () http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22.8 - () http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22.8 -
References () http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=600 - () http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=600 -
References () http://secunia.com/advisories/26918 - () http://secunia.com/advisories/26918 -
References () http://secunia.com/advisories/26980 - () http://secunia.com/advisories/26980 -
References () http://secunia.com/advisories/26989 - () http://secunia.com/advisories/26989 -
References () http://secunia.com/advisories/27101 - () http://secunia.com/advisories/27101 -
References () http://secunia.com/advisories/27227 - () http://secunia.com/advisories/27227 -
References () http://secunia.com/advisories/27436 - () http://secunia.com/advisories/27436 -
References () http://secunia.com/advisories/27747 - () http://secunia.com/advisories/27747 -
References () http://secunia.com/advisories/27824 - () http://secunia.com/advisories/27824 -
References () http://secunia.com/advisories/28626 - () http://secunia.com/advisories/28626 -
References () http://secunia.com/advisories/29054 - () http://secunia.com/advisories/29054 -
References () http://secunia.com/advisories/30769 - () http://secunia.com/advisories/30769 -
References () http://support.avaya.com/elmodocs2/security/ASA-2007-474.htm - () http://support.avaya.com/elmodocs2/security/ASA-2007-474.htm -
References () http://www.debian.org/security/2008/dsa-1479 - () http://www.debian.org/security/2008/dsa-1479 -
References () http://www.debian.org/security/2008/dsa-1505 - () http://www.debian.org/security/2008/dsa-1505 -
References () http://www.novell.com/linux/security/advisories/2007_53_kernel.html - () http://www.novell.com/linux/security/advisories/2007_53_kernel.html -
References () http://www.redhat.com/support/errata/RHSA-2007-0939.html - () http://www.redhat.com/support/errata/RHSA-2007-0939.html -
References () http://www.redhat.com/support/errata/RHSA-2007-0993.html - () http://www.redhat.com/support/errata/RHSA-2007-0993.html -
References () http://www.securityfocus.com/bid/25807 - () http://www.securityfocus.com/bid/25807 -
References () http://www.securitytracker.com/id?1018734 - () http://www.securitytracker.com/id?1018734 -
References () http://www.ubuntu.com/usn/usn-618-1 - () http://www.ubuntu.com/usn/usn-618-1 -
References () http://www.vupen.com/english/advisories/2007/3272 - () http://www.vupen.com/english/advisories/2007/3272 -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/36780 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/36780 -
References () https://issues.rpath.com/browse/RPL-1761 - () https://issues.rpath.com/browse/RPL-1761 -
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9053 - () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9053 -
References () https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00083.html - () https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00083.html -
References () https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00436.html - () https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00436.html -
Information

Published : 2007-09-26 10:17

Updated : 2024-11-21 00:35

NVD link : CVE-2007-4571

Mitre link : CVE-2007-4571

CVE.ORG link : CVE-2007-4571

JSON object : View

Products Affected

linux

  • linux_kernel
CWE
NVD-CWE-Other

NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024