CVE-2016-4578

CVE Details

Release Date:

2016-05-03

Description

sound/core/timer.c in the Linux kernel through 4.6 does not initializecertain r1 data structures, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions.

See more information about CVE-2016-4578 from MITRE CVE dictionary and NIST NVD

CVSS v2.0 metrics

NOTE: The following CVSS v2.0 metrics and score provided are preliminary and subject to review.

Base Score:	2.1	Base Metrics:	AV:L/AC:L/Au:N/C:P/I:N/A:N
Access Vector:	Local network	Attack Complexity:	Low
Authentication:	None required	Confidentiality Impact:	Partial
Integrity Impact:	None	Availability Impact:	None

Errata information

Platform	Errata	Release Date
Oracle Linux version 5 (kernel-uek)	ELSA-2016-3646	2016-11-20
Oracle Linux version 6 (dtrace-modules-3.8.13-118.14.2.el6uek)	ELSA-2016-3645	2016-11-20
Oracle Linux version 6 (dtrace-modules-4.1.12-61.1.19.el6uek)	ELSA-2016-3644	2016-11-20
Oracle Linux version 6 (kernel-uek)	ELSA-2016-3644	2016-11-20
Oracle Linux version 6 (kernel-uek)	ELSA-2016-3645	2016-11-20
Oracle Linux version 6 (kernel-uek)	ELSA-2016-3646	2016-11-20
Oracle Linux version 7 (dtrace-modules-3.8.13-118.14.2.el7uek)	ELSA-2016-3645	2016-11-20
Oracle Linux version 7 (dtrace-modules-4.1.12-61.1.19.el7uek)	ELSA-2016-3644	2016-11-20
Oracle Linux version 7 (kernel)	ELSA-2016-2574	2016-11-09
Oracle Linux version 7 (kernel-uek)	ELSA-2016-3644	2016-11-20
Oracle Linux version 7 (kernel-uek)	ELSA-2016-3645	2016-11-20
Oracle VM version 3.2 (kernel-uek)	OVMSA-2016-0167	2016-11-25
Oracle VM version 3.3 (kernel-uek)	OVMSA-2016-0163	2016-11-21
Oracle VM version 3.4 (kernel-uek)	OVMSA-2016-0162	2016-11-21

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team