CVE-2016-4578

Published on: 05/23/2016 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:26:58 PM UTC

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Certain versions of Ubuntu Linux from Canonical contain the following vulnerability:

sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions.

  • CVE-2016-4578 has been assigned by [email protected] to track the vulnerability - currently rated as MEDIUM severity.

CVSS3 Score: 5.5 - MEDIUM

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

CVSS2 Score: 2.1 - LOW

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

CVE References

  • USN-3018-2: Linux kernel (Trusty HWE) vulnerabilities | Ubuntu
    Tags: Third Party Advisory
    Link: www.ubuntu.com (text/html), UBUNTU USN-3018-2
  • USN-3016-3: Linux kernel (Qualcomm Snapdragon) vulnerabilities | Ubuntu
    Tags: Third Party Advisory
    Link: www.ubuntu.com (text/html), UBUNTU USN-3016-3
  • USN-3016-1: Linux kernel vulnerabilities | Ubuntu
    Tags: Third Party Advisory
    Link: www.ubuntu.com (text/html), UBUNTU USN-3016-1
  • [security-announce] SUSE-SU-2016:1937-1: important: Security update for
    Tags: Third Party Advisory
    Link: lists.opensuse.org (text/html), SUSE SUSE-SU-2016:1937
  • [security-announce] openSUSE-SU-2016:1641-1: important: Security update
    Tags: Mailing List, Third Party Advisory
    Link: lists.opensuse.org (text/html), SUSE openSUSE-SU-2016:1641
  • USN-3017-3: Linux kernel (Wily HWE) vulnerabilities | Ubuntu
    Tags: Third Party Advisory
    Link: www.ubuntu.com (text/html), UBUNTU USN-3017-3
  • kernel/git/torvalds/linux.git - Linux kernel source tree
    Tags: Vendor Advisory
    Link: git.kernel.org (text/html), CONFIRM git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e4ec8cc8039a7063e24204299b462bd1383184a5
  • [security-announce] SUSE-SU-2016:1985-1: important: Security update for
    Tags: Mailing List, Third Party Advisory
    Link: lists.opensuse.org (text/html), SUSE SUSE-SU-2016:1985
  • USN-3021-2: Linux kernel (OMAP4) vulnerabilities | Ubuntu
    Tags: Third Party Advisory
    Link: www.ubuntu.com (text/html), UBUNTU USN-3021-2
  • ALSA: timer: Fix leak in events via snd_timer_user_ccallback · torvalds/[email protected] · GitHub
    Tags: Vendor Advisory
    Link: github.com (text/html), CONFIRM github.com/torvalds/linux/commit/9a47e9cff994f37f7f0dbd9ae23740d0f64f9fe6
  • USN-3017-1: Linux kernel vulnerabilities | Ubuntu
    Tags: Third Party Advisory
    Link: www.ubuntu.com (text/html), UBUNTU USN-3017-1
  • Red Hat Customer Portal
    Tags: Third Party Advisory
    Link: web.archive.org (text/html), inactive link, not archived, REDHAT RHSA-2016:2574
  • USN-3017-2: Linux kernel (Raspberry Pi 2) vulnerabilities | Ubuntu
    Tags: Third Party Advisory
    Link: www.ubuntu.com (text/html), UBUNTU USN-3017-2
  • USN-3016-4: Linux kernel (Xenial HWE) vulnerabilities | Ubuntu
    Tags: Third Party Advisory
    Link: www.ubuntu.com (text/html), UBUNTU USN-3016-4
  • USN-3021-1: Linux kernel vulnerabilities | Ubuntu
    Tags: Third Party Advisory
    Link: www.ubuntu.com (text/html), UBUNTU USN-3021-1
  • [security-announce] SUSE-SU-2016:1672-1: important: Security update for
    Tags: Third Party Advisory
    Link: lists.opensuse.org (text/html), SUSE SUSE-SU-2016:1672
  • oss-security - Re: CVE Request: alsa: kernel information leak vulnerability in Linux sound/core/timer
    Tags: Mailing List
    Link: www.openwall.com (text/html), MLIST [oss-security] 20160511 Re: CVE Request: alsa: kernel information leak vulnerability in Linux sound/core/timer
  • USN-3019-1: Linux kernel (Utopic HWE) vulnerabilities | Ubuntu
    Tags: Third Party Advisory
    Link: www.ubuntu.com (text/html), UBUNTU USN-3019-1
  • Debian -- Security Information -- DSA-3607-1 linux
    Tags: Third Party Advisory
    Link: www.debian.org (text/html), deprecated link, DEBIAN DSA-3607
  • 1335215 – (CVE-2016-4578) CVE-2016-4578 kernel: Information leak in events in timer.c
    Tags: Issue Tracking, Third Party Advisory, VDB Entry
    Link: bugzilla.redhat.com (text/html), CONFIRM bugzilla.redhat.com/show_bug.cgi?id=1335215
  • Linux Kernel 4.4 (Ubuntu 16.04) - 'snd_timer_user_ccallback()' Kernel Pointer Leak
    Tags: Exploit, Third Party Advisory, VDB Entry
    Link: www.exploit-db.com (text/html), Proof of Concept, EXPLOIT-DB 46529
  • USN-3020-1: Linux kernel (Vivid HWE) vulnerabilities | Ubuntu
    Tags: Third Party Advisory
    Link: www.ubuntu.com (text/html), UBUNTU USN-3020-1
  • USN-3016-2: Linux kernel (Raspberry Pi 2) vulnerabilities | Ubuntu
    Tags: Third Party Advisory
    Link: www.ubuntu.com (text/html), UBUNTU USN-3016-2
  • [security-announce] SUSE-SU-2016:1690-1: important: Security update for
    Tags: Third Party Advisory
    Link: lists.opensuse.org (text/html), SUSE SUSE-SU-2016:1690
  • [security-announce] SUSE-SU-2016:2105-1: important: Security update for
    Tags: Mailing List, Third Party Advisory
    Link: lists.opensuse.org (text/html), SUSE SUSE-SU-2016:2105
  • ALSA: timer: Fix leak in events via snd_timer_user_tinterrupt · torvalds/[email protected] · GitHub
    Tags: Vendor Advisory
    Link: github.com (text/html), CONFIRM github.com/torvalds/linux/commit/e4ec8cc8039a7063e24204299b462bd1383184a5
  • [security-announce] openSUSE-SU-2016:2184-1: important: Security update
    Tags: Mailing List, Third Party Advisory
    Link: lists.opensuse.org (text/html), SUSE openSUSE-SU-2016:2184
  • kernel/git/torvalds/linux.git - Linux kernel source tree
    Tags: Vendor Advisory
    Link: git.kernel.org (text/html), CONFIRM git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9a47e9cff994f37f7f0dbd9ae23740d0f64f9fe6
  • Red Hat Customer Portal
    Tags: Third Party Advisory
    Link: web.archive.org (text/html), inactive link, not archived, REDHAT RHSA-2016:2584
  • USN-3018-1: Linux kernel vulnerabilities | Ubuntu
    Tags: Third Party Advisory
    Link: www.ubuntu.com (text/html), UBUNTU USN-3018-1
  • Linux Kernel CVE-2016-4578 Multiple Local Information Disclosure Vulnerabilities
    Tags: Third Party Advisory, VDB Entry
    Link: cve.report (archive) (text/html), BID 90535

Known Affected Configurations (CPE V2.3)

Type | Vendor | Product | Version | Update | Edition | Language
Operating System | Canonical | Ubuntu Linux | 12.04 | All | All | All
Operating System | Canonical | Ubuntu Linux | 14.04 | All | All | All
Operating System | Canonical | Ubuntu Linux | 15.10 | All | All | All
Operating System | Canonical | Ubuntu Linux | 16.04 | All | All | All
Operating System | Debian | Debian Linux | 8.0 | All | All | All
Operating System | Linux | Linux Kernel | All | All | All | All
Operating System | Opensuse | Leap | 42.1 | All | All | All
Operating System | Opensuse | Opensuse | 13.1 | All | All | All
Operating System | Redhat | Enterprise Linux Desktop | 7.0 | All | All | All
Operating System | Redhat | Enterprise Linux Server | 7.0 | All | All | All
Operating System | Redhat | Enterprise Linux Server Aus | 7.3 | All | All | All
Operating System | Redhat | Enterprise Linux Server Aus | 7.4 | All | All | All
Operating System | Redhat | Enterprise Linux Server Aus | 7.6 | All | All | All
Operating System | Redhat | Enterprise Linux Server Eus | 7.3 | All | All | All
Operating System | Redhat | Enterprise Linux Server Eus | 7.4 | All | All | All
Operating System | Redhat | Enterprise Linux Server Eus | 7.5 | All | All | All
Operating System | Redhat | Enterprise Linux Server Eus | 7.6 | All | All | All
Operating System | Redhat | Enterprise Linux Server Tus | 7.3 | All | All | All
Operating System | Redhat | Enterprise Linux Server Tus | 7.6 | All | All | All
Operating System | Redhat | Enterprise Linux Workstation | 7.0 | All | All | All

  • cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*