Red Hat Bugzilla – Bug 288961
CVE-2007-4571 ALSA memory disclosure flaw
Last modified: 2011-09-28 18:58:56 EDT
iDefense reported a flaw in ALSA snd_mem_proc_read. A local user who has the
ability to read the /proc/driver/snd-page-alloc file could potentially gain
access to read sensitive information from kernel memory.
CVSS v2 Base score: 2.1 (Low) (AV:L/AC:L/Au:N/C:P/I:N/A:N)
Red Hat would like to credit iDefense and Neil Kettle for reporting this issue.
Created attachment 194421 [details]
Doesn't Affect: rhel-2.1 (no snd_mem_proc_read)
Doesn't Affect: rhel-3 (no snd_mem_proc_read)
Probably Affects: rhel-4
Probably Affects: rhel-5
Exploiting this issue will give the user the ability to see a number of
uninitialized bytes, up to 41 bytes, but they have no control over what they see.
Now public via
All children bugs have been closed, parent is no longer needed.