CVE-2016-4578
Published on: 05/23/2016 12:00:00 AM UTC
Last Modified on: 03/23/2021 11:26:58 PM UTC
Certain versions of Ubuntu Linux from Canonical contain the following vulnerability:
sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions.
- CVE-2016-4578 has been assigned by
[email protected] to track the vulnerability - currently rated as MEDIUM severity.
CVSS3 Score: 5.5 - MEDIUM
| Attack Vector ⓘ |
Attack Complexity |
Privileges Required |
User Interaction |
|
|---|---|---|---|---|
| LOCAL | LOW | LOW | NONE | |
| Scope | Confidentiality Impact |
Integrity Impact |
Availability Impact |
|
| UNCHANGED | HIGH | NONE | NONE |
CVSS2 Score: 2.1 - LOW
| Access Vector ⓘ |
Access Complexity |
Authentication |
|---|---|---|
| LOCAL | LOW | NONE |
| Confidentiality Impact |
Integrity Impact |
Availability Impact |
| PARTIAL | NONE | NONE |
CVE References
| Description | Tags ⓘ | Link |
|---|---|---|
| USN-3018-2: Linux kernel (Trusty HWE) vulnerabilities | Ubuntu | Third Party Advisory www.ubuntu.com text/html |
UBUNTU USN-3018-2 |
| USN-3016-3: Linux kernel (Qualcomm Snapdragon) vulnerabilities | Ubuntu | Third Party Advisory www.ubuntu.com text/html |
UBUNTU USN-3016-3 |
| USN-3016-1: Linux kernel vulnerabilities | Ubuntu | Third Party Advisory www.ubuntu.com text/html |
UBUNTU USN-3016-1 |
| [security-announce] SUSE-SU-2016:1937-1: important: Security update for | Third Party Advisory lists.opensuse.org text/html |
SUSE SUSE-SU-2016:1937 |
| [security-announce] openSUSE-SU-2016:1641-1: important: Security update | Mailing List Third Party Advisory lists.opensuse.org text/html |
SUSE openSUSE-SU-2016:1641 |
| USN-3017-3: Linux kernel (Wily HWE) vulnerabilities | Ubuntu | Third Party Advisory www.ubuntu.com text/html |
UBUNTU USN-3017-3 |
| kernel/git/torvalds/linux.git - Linux kernel source tree | Vendor Advisory git.kernel.org text/html |
CONFIRM git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e4ec8cc8039a7063e24204299b462bd1383184a5 |
| [security-announce] SUSE-SU-2016:1985-1: important: Security update for | Mailing List Third Party Advisory lists.opensuse.org text/html |
SUSE SUSE-SU-2016:1985 |
| USN-3021-2: Linux kernel (OMAP4) vulnerabilities | Ubuntu | Third Party Advisory www.ubuntu.com text/html |
UBUNTU USN-3021-2 |
| ALSA: timer: Fix leak in events via snd_timer_user_ccallback · torvalds/[email protected] · GitHub | Vendor Advisory github.com text/html |
CONFIRM github.com/torvalds/linux/commit/9a47e9cff994f37f7f0dbd9ae23740d0f64f9fe6 |
| USN-3017-1: Linux kernel vulnerabilities | Ubuntu | Third Party Advisory www.ubuntu.com text/html |
UBUNTU USN-3017-1 |
| Red Hat Customer Portal | Third Party Advisory web.archive.org text/html Inactive LinkNot Archived |
REDHAT RHSA-2016:2574 |
| USN-3017-2: Linux kernel (Raspberry Pi 2) vulnerabilities | Ubuntu | Third Party Advisory www.ubuntu.com text/html |
UBUNTU USN-3017-2 |
| USN-3016-4: Linux kernel (Xenial HWE) vulnerabilities | Ubuntu | Third Party Advisory www.ubuntu.com text/html |
UBUNTU USN-3016-4 |
| USN-3021-1: Linux kernel vulnerabilities | Ubuntu | Third Party Advisory www.ubuntu.com text/html |
UBUNTU USN-3021-1 |
| [security-announce] SUSE-SU-2016:1672-1: important: Security update for | Third Party Advisory lists.opensuse.org text/html |
SUSE SUSE-SU-2016:1672 |
| oss-security - Re: CVE Request: alsa: kernel information leak vulnerability in Linux sound/core/timer | Mailing List www.openwall.com text/html |
MLIST [oss-security] 20160511 Re: CVE Request: alsa: kernel information leak vulnerability in Linux sound/core/timer |
| USN-3019-1: Linux kernel (Utopic HWE) vulnerabilities | Ubuntu | Third Party Advisory www.ubuntu.com text/html |
UBUNTU USN-3019-1 |
| Debian -- Security Information -- DSA-3607-1 linux | Third Party Advisory www.debian.org Depreciated Link text/html |
DEBIAN DSA-3607 |
| 1335215 – (CVE-2016-4578) CVE-2016-4578 kernel: Information leak in events in timer.c | Issue Tracking Third Party Advisory VDB Entry bugzilla.redhat.com text/html |
CONFIRM bugzilla.redhat.com/show_bug.cgi?id=1335215 |
| Linux Kernel 4.4 (Ubuntu 16.04) - 'snd_timer_user_ccallback()' Kernel Pointer Leak | Exploit Third Party Advisory VDB Entry www.exploit-db.com Proof of Concept text/html |
EXPLOIT-DB 46529 |
| USN-3020-1: Linux kernel (Vivid HWE) vulnerabilities | Ubuntu | Third Party Advisory www.ubuntu.com text/html |
UBUNTU USN-3020-1 |
| USN-3016-2: Linux kernel (Raspberry Pi 2) vulnerabilities | Ubuntu | Third Party Advisory www.ubuntu.com text/html |
UBUNTU USN-3016-2 |
| [security-announce] SUSE-SU-2016:1690-1: important: Security update for | Third Party Advisory lists.opensuse.org text/html |
SUSE SUSE-SU-2016:1690 |
| [security-announce] SUSE-SU-2016:2105-1: important: Security update for | Mailing List Third Party Advisory lists.opensuse.org text/html |
SUSE SUSE-SU-2016:2105 |
| ALSA: timer: Fix leak in events via snd_timer_user_tinterrupt · torvalds/[email protected] · GitHub | Vendor Advisory github.com text/html |
CONFIRM github.com/torvalds/linux/commit/e4ec8cc8039a7063e24204299b462bd1383184a5 |
| [security-announce] openSUSE-SU-2016:2184-1: important: Security update | Mailing List Third Party Advisory lists.opensuse.org text/html |
SUSE openSUSE-SU-2016:2184 |
| kernel/git/torvalds/linux.git - Linux kernel source tree | Vendor Advisory git.kernel.org text/html |
CONFIRM git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9a47e9cff994f37f7f0dbd9ae23740d0f64f9fe6 |
| Red Hat Customer Portal | Third Party Advisory web.archive.org text/html Inactive LinkNot Archived |
REDHAT RHSA-2016:2584 |
| USN-3018-1: Linux kernel vulnerabilities | Ubuntu | Third Party Advisory www.ubuntu.com text/html |
UBUNTU USN-3018-1 |
| Linux Kernel CVE-2016-4578 Multiple Local Information Disclosure Vulnerabilities | Third Party Advisory VDB Entry cve.report (archive) text/html |
BID 90535 |
There are currently no QIDs associated with this CVE
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Canonical | Ubuntu Linux | 12.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 14.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 15.10 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 16.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 12.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 14.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 15.10 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 16.04 | All | All | All |
| Operating System | Debian | Debian Linux | 8.0 | All | All | All |
| Operating System | Debian | Debian Linux | 8.0 | All | All | All |
| Operating System | Linux | Linux Kernel | All | All | All | All |
| Operating System | Opensuse | Leap | 42.1 | All | All | All |
| Operating System | Opensuse | Leap | 42.1 | All | All | All |
| Operating System | Opensuse | Opensuse | 13.1 | All | All | All |
| Operating System | Opensuse | Opensuse | 13.1 | All | All | All |
| Operating System | Redhat | Enterprise Linux Desktop | 7.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Desktop | 7.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server | 7.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server | 7.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Aus | 7.3 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Aus | 7.4 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Aus | 7.6 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Aus | 7.3 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Aus | 7.4 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Aus | 7.6 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Eus | 7.3 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Eus | 7.4 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Eus | 7.5 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Eus | 7.6 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Eus | 7.3 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Eus | 7.4 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Eus | 7.5 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Eus | 7.6 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Tus | 7.3 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Tus | 7.6 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Tus | 7.3 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Tus | 7.6 | All | All | All |
| Operating System | Redhat | Enterprise Linux Workstation | 7.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Workstation | 7.0 | All | All | All |
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*:
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*:
- cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*:
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*:
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*:
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*:
- cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*:
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*:
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*:
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*:
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*:
- cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*:
- cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*:
- cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*:
- cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*:
- cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*:
- cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*:
- cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*:
- cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*:
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*:
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*:
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*:
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*:
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*:
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*:
- cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*:
- cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*:
- cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*:
- cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*:
- cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*:
- cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*:
- cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*:
- cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*:
- cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*:
- cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*:
- cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*:
- cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*:
- cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*:
- cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*:
No vendor comments have been submitted for this CVE