CVE-2007-4571 Information
Description
The snd_mem_proc_read function in sound/core/memalloc.c in the Advanced Linux Sound Architecture (ALSA) in the Linux kernel before 2.6.22.8 does not return the correct write size, which allows local users to obtain sensitive information (kernel memory contents) via a small count argument, as demonstrated by multiple reads of /proc/driver/snd-page-alloc.
Reference
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ccec6e2c4a74adf76ed4e2478091a311b1806212
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22.8
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=600
http://secunia.com/advisories/26918
http://secunia.com/advisories/26980
http://secunia.com/advisories/26989
http://secunia.com/advisories/27101
http://secunia.com/advisories/27227
http://secunia.com/advisories/27436
http://secunia.com/advisories/27747
http://secunia.com/advisories/27824
http://secunia.com/advisories/28626
http://secunia.com/advisories/29054
http://secunia.com/advisories/30769
http://support.avaya.com/elmodocs2/security/ASA-2007-474.htm
http://www.debian.org/security/2008/dsa-1479
http://www.debian.org/security/2008/dsa-1505
http://www.novell.com/linux/security/advisories/2007_53_kernel.html
http://www.redhat.com/support/errata/RHSA-2007-0939.html
http://www.redhat.com/support/errata/RHSA-2007-0993.html
http://www.securityfocus.com/bid/25807
http://www.securitytracker.com/id?1018734
http://www.ubuntu.com/usn/usn-618-1
http://www.vupen.com/english/advisories/2007/3272
https://exchange.xforce.ibmcloud.com/vulnerabilities/36780
https://issues.rpath.com/browse/RPL-1761
https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A9053
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00083.html
https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00436.html