CVE-2007-4571

Publication date 26 September 2007

Last updated 24 July 2024

The snd_mem_proc_read function in sound/core/memalloc.c in the Advanced Linux Sound Architecture (ALSA) in the Linux kernel before 2.6.22.8 does not return the correct write size, which allows local users to obtain sensitive information (kernel memory contents) via a small count argument, as demonstrated by multiple reads of /proc/driver/snd-page-alloc.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
linux	8.04 LTS hardy	Not affected
linux-source-2.6.15	6.06 LTS dapper	Fixed 2.6.15-52.67
linux-source-2.6.17	6.10 edgy	Ignored end of life
linux-source-2.6.20	7.04 feisty	Fixed 2.6.20-17.36
linux-source-2.6.22	7.10 gutsy	Fixed 2.6.22-12.39

How can I get the fixes?
What do statuses mean?

Notes

jdstrand

kernel-sec has 'ignored (2.6.18.dfsg.1-13etch3)'

kees

ABI changer -- will roll this out when a more serious ABI change comes in

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-618-1
Linux kernel vulnerabilities
19 June 2008

Other references

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=600
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ccec6e2c4a74adf76ed4e2478091a311b1806212
https://www.cve.org/CVERecord?id=CVE-2007-4571