CVE-2007-4571

Name	CVE-2007-4571
Description	The snd_mem_proc_read function in sound/core/memalloc.c in the Advanced Linux Sound Architecture (ALSA) in the Linux kernel before 2.6.22.8 does not return the correct write size, which allows local users to obtain sensitive information (kernel memory contents) via a small count argument, as demonstrated by multiple reads of /proc/driver/snd-page-alloc.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DSA-1479-1, DSA-1505-1
Debian Bugs	444571

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
alsa-driver	source	sarge	1.0.8-7sarge1		DSA-1505-1
alsa-driver	source	etch	1.0.13-5etch1		DSA-1505-1
alsa-driver	source	(unstable)	1.0.15-1
alsa-modules-i386	source	sarge	1.0.8+2sarge2		DSA-1505-1
linux-2.6	source	etch	2.6.18.dfsg.1-17etch1		DSA-1479-1
linux-2.6	source	(unstable)	2.6.22-5	low		444571

Notes

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=600
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ccec6e2c4a74adf76ed4e2478091a311b1806212
very easy to exploit locally