CVE-2016-4578

NameCVE-2016-4578
Descriptionsound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
ReferencesDLA-516-1, DSA-3607-1
NVD severitylow (attack range: local)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
linux (PTS)wheezy3.2.78-1vulnerable
wheezy (security)3.2.93-1fixed
jessie3.16.43-2+deb8u2fixed
jessie (security)3.16.43-2+deb8u5fixed
stretch4.9.51-1fixed
stretch (security)4.9.30-2+deb9u5fixed
buster, sid4.13.4-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
linuxsource(unstable)4.5.5-1low
linuxsourcejessie3.16.7-ckt25-2+deb8u2lowDSA-3607-1
linuxsourcewheezy3.2.81-1lowDLA-516-1

Notes

https://github.com/torvalds/linux/commit/9a47e9cff994f37f7f0dbd9ae23740d0f64f9fe6
https://github.com/torvalds/linux/commit/e4ec8cc8039a7063e24204299b462bd1383184a5

Search for package or bug name: Reporting problems