CVE-2007-4571
published 2007-09-26CVE-2007-4571: The snd_mem_proc_read function in sound/core/memalloc.c in the Advanced Linux Sound Architecture (ALSA) in the Linux kernel before 2.6.22.8 does not return the…
PriorityP410low2.1CVSS 2.0
AVLACLAuNCPINAN
EXPLOIT
EPSS
0.76%
50.7th percentile
The snd_mem_proc_read function in sound/core/memalloc.c in the Advanced Linux Sound Architecture (ALSA) in the Linux kernel before 2.6.22.8 does not return the correct write size, which allows local users to obtain sensitive information (kernel memory contents) via a small count argument, as demonstrated by multiple reads of /proc/driver/snd-page-alloc.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| linux | linux_kernel | <= 2.6.22.7 | — |
CVSS provenance
nvdv2.02.1LOWAV:L/AC:L/Au:N/C:P/I:N/A:N
vendor_redhat2.1LOW
vendor_ubuntu2.1LOW
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2008-06-19·CVSS 2.1
CVE-2007-4571 [LOW] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Linux kernel vulnerabilities
It was discovered that the ALSA /proc interface did not write the
correct number of bytes when reporting memory allocations. A local
attacker might be able to access sensitive kernel memory, leading to
a loss of privacy. (CVE-2007-4571)
Multiple buffer overflows were discovered in the handling of CIFS
filesystems. A malicious CIFS server could cause a client system crash
or possibly execute arbitrary code with kernel privileges. (CVE-2007-5904)
It was discovered that PowerPC kernels did not correctly handle reporting
certain system details. By requesting a specific set of information,
a local attacker could cause a system crash resulting in a denial
of service. (CVE-2007-6694)
It was discovered that some device
Red Hat
ALSA memory disclosure flaw
vendor_redhat·2007-09-25·CVSS 2.1
CVE-2007-4571 [LOW] ALSA memory disclosure flaw
ALSA memory disclosure flaw
The snd_mem_proc_read function in sound/core/memalloc.c in the Advanced Linux Sound Architecture (ALSA) in the Linux kernel before 2.6.22.8 does not return the correct write size, which allows local users to obtain sensitive information (kernel memory contents) via a small count argument, as demonstrated by multiple reads of /proc/driver/snd-page-alloc.
Statement: This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 2.1 or 3.
GHSA
GHSA-6cf8-wrcg-w8rr: The snd_mem_proc_read function in sound/core/memalloc
ghsa_unreviewed·2022-05-01
CVE-2007-4571 [LOW] GHSA-6cf8-wrcg-w8rr: The snd_mem_proc_read function in sound/core/memalloc
The snd_mem_proc_read function in sound/core/memalloc.c in the Advanced Linux Sound Architecture (ALSA) in the Linux kernel before 2.6.22.8 does not return the correct write size, which allows local users to obtain sensitive information (kernel memory contents) via a small count argument, as demonstrated by multiple reads of /proc/driver/snd-page-alloc.
No detection rules found.
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ccec6e2c4a74adf76ed4e2478091a311b1806212http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22.8http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=600http://secunia.com/advisories/26918http://secunia.com/advisories/26980http://secunia.com/advisories/26989http://secunia.com/advisories/27101http://secunia.com/advisories/27227http://secunia.com/advisories/27436http://secunia.com/advisories/27747http://secunia.com/advisories/27824http://secunia.com/advisories/28626http://secunia.com/advisories/29054http://secunia.com/advisories/30769http://support.avaya.com/elmodocs2/security/ASA-2007-474.htmhttp://www.debian.org/security/2008/dsa-1479http://www.debian.org/security/2008/dsa-1505http://www.novell.com/linux/security/advisories/2007_53_kernel.htmlhttp://www.redhat.com/support/errata/RHSA-2007-0939.htmlhttp://www.redhat.com/support/errata/RHSA-2007-0993.htmlhttp://www.securityfocus.com/bid/25807http://www.securitytracker.com/id?1018734http://www.ubuntu.com/usn/usn-618-1http://www.vupen.com/english/advisories/2007/3272https://exchange.xforce.ibmcloud.com/vulnerabilities/36780https://issues.rpath.com/browse/RPL-1761https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9053https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00083.htmlhttps://www.redhat.com/archives/fedora-package-announce/2007-September/msg00436.htmlhttp://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ccec6e2c4a74adf76ed4e2478091a311b1806212http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22.8http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=600http://secunia.com/advisories/26918http://secunia.com/advisories/26980http://secunia.com/advisories/26989http://secunia.com/advisories/27101http://secunia.com/advisories/27227http://secunia.com/advisories/27436http://secunia.com/advisories/27747http://secunia.com/advisories/27824http://secunia.com/advisories/28626http://secunia.com/advisories/29054http://secunia.com/advisories/30769http://support.avaya.com/elmodocs2/security/ASA-2007-474.htmhttp://www.debian.org/security/2008/dsa-1479http://www.debian.org/security/2008/dsa-1505http://www.novell.com/linux/security/advisories/2007_53_kernel.htmlhttp://www.redhat.com/support/errata/RHSA-2007-0939.htmlhttp://www.redhat.com/support/errata/RHSA-2007-0993.htmlhttp://www.securityfocus.com/bid/25807http://www.securitytracker.com/id?1018734http://www.ubuntu.com/usn/usn-618-1http://www.vupen.com/english/advisories/2007/3272https://exchange.xforce.ibmcloud.com/vulnerabilities/36780https://issues.rpath.com/browse/RPL-1761https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9053https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00083.htmlhttps://www.redhat.com/archives/fedora-package-announce/2007-September/msg00436.html
2007-09-26
Published