1. Home
  2. Vulnerabilities
  3. CVE-2016-4578

CVE-2016-4578

CVSS v3.0 5.5 (Medium)
55% Progress
CVSS v2.0 2.1 (Low)
21% Progress
EPSS 0.04 % (11th)
0.04% Progress
Affected Products 11
Advisories 27
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software OVAL Tools, Exploits & PoC Graph Web & Social Timeline

sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions.

Weaknesses
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE Status
PUBLISHED
CNA
MITRE
Published Date
2016-05-23 10:59:09
(8 years ago)
Updated Date
2019-03-25 18:58:19
(5 years ago)

Affected Products

Canonical

Debian

Linux

Opensuse

Redhat

Configuration #1

    CPE23 From Up To
  Linux Kernel 4.6 and prior versions cpe:2.3:o:linux:linux_kernel <= 4.6

Configuration #2

    CPE23 From Up To
  Canonical Ubuntu Linux 12.04 cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts
  Canonical Ubuntu Linux 14.04 cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts
  Canonical Ubuntu Linux 15.10 cpe:2.3:o:canonical:ubuntu_linux:15.10
  Canonical Ubuntu Linux 16.04 cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts

Configuration #3

    CPE23 From Up To
  Debian Linux 8.0 cpe:2.3:o:debian:debian_linux:8.0

Configuration #4

    CPE23 From Up To
  Redhat Enterprise Linux Desktop 7.0 cpe:2.3:o:redhat:enterprise_linux_desktop:7.0
  Redhat Enterprise Linux Server 7.0 cpe:2.3:o:redhat:enterprise_linux_server:7.0
  Redhat Enterprise Linux Server Aus 7.3 cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3
  Redhat Enterprise Linux Server Aus 7.4 cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4
  Redhat Enterprise Linux Server Aus 7.6 cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6
  Redhat Enterprise Linux Server Eus 7.3 cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3
  Redhat Enterprise Linux Server Eus 7.4 cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4
  Redhat Enterprise Linux Server Eus 7.5 cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5
  Redhat Enterprise Linux Server Eus 7.6 cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6
  Redhat Enterprise Linux Server Tus 7.3 cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3
  Redhat Enterprise Linux Server Tus 7.6 cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6
  Redhat Enterprise Linux Workstation 7.0 cpe:2.3:o:redhat:enterprise_linux_workstation:7.0

Configuration #5

    CPE23 From Up To
  Opensuse Leap 42.1 cpe:2.3:o:opensuse:leap:42.1
  Opensuse 13.1 cpe:2.3:o:opensuse:opensuse:13.1