// For flags

CVE-2016-4569

kernel: Information leak in Linux sound module in timer.c

Severity Score

5.5
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The snd_timer_user_params function in sound/core/timer.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface.

La función snd_timer_user_params en sound/core/timer.c en el kernel de Linux hasta la versión 4.6 no inicializa una estructura de datos determinada, lo que permite a usuarios locales obtener información sensible del kernel de memoria de pila a través del uso manipulado de la interfaz ALSA timer.

A vulnerability was found in Linux kernel. There is an information leak in file "sound/core/timer.c" of the latest mainline Linux kernel, the stack object “tread” has a total size of 32 bytes. It contains a 8-bytes padding, which is not initialized but sent to user via copy_to_user(), resulting a kernel leak.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
Attack Vector
Local
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2016-05-09 CVE Reserved
  • 2016-05-23 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-08-06 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
  • CWE-665: Improper Initialization
CAPEC
References (30)
URL Date SRC
URL Date SRC
URL Date SRC
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html 2023-09-12
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html 2023-09-12
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html 2023-09-12
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html 2023-09-12
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html 2023-09-12
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html 2023-09-12
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html 2023-09-12
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html 2023-09-12
http://rhn.redhat.com/errata/RHSA-2016-2574.html 2023-09-12
http://rhn.redhat.com/errata/RHSA-2016-2584.html 2023-09-12
http://www.debian.org/security/2016/dsa-3607 2023-09-12
http://www.ubuntu.com/usn/USN-3016-1 2023-09-12
http://www.ubuntu.com/usn/USN-3016-2 2023-09-12
http://www.ubuntu.com/usn/USN-3016-3 2023-09-12
http://www.ubuntu.com/usn/USN-3016-4 2023-09-12
http://www.ubuntu.com/usn/USN-3017-1 2023-09-12
http://www.ubuntu.com/usn/USN-3017-2 2023-09-12
http://www.ubuntu.com/usn/USN-3017-3 2023-09-12
http://www.ubuntu.com/usn/USN-3018-1 2023-09-12
http://www.ubuntu.com/usn/USN-3018-2 2023-09-12
http://www.ubuntu.com/usn/USN-3019-1 2023-09-12
http://www.ubuntu.com/usn/USN-3020-1 2023-09-12
http://www.ubuntu.com/usn/USN-3021-1 2023-09-12
http://www.ubuntu.com/usn/USN-3021-2 2023-09-12
https://bugzilla.redhat.com/show_bug.cgi?id=1334643 2016-11-03
https://github.com/torvalds/linux/commit/cec8f96e49d9be372fdb0c3836dcf31ec71e457e 2023-09-12
https://access.redhat.com/security/cve/CVE-2016-4569 2016-11-03
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
<= 4.6
Search vendor "Linux" for product "Linux Kernel" and version " <= 4.6"
-
Affected
Canonical
Search vendor "Canonical"
Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
12.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "12.04"
lts
Affected
Canonical
Search vendor "Canonical"
Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
14.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04"
lts
Affected
Canonical
Search vendor "Canonical"
Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
15.10
Search vendor "Canonical" for product "Ubuntu Linux" and version "15.10"
-
Affected
Canonical
Search vendor "Canonical"
Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
16.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04"
lts
Affected
Novell
Search vendor "Novell"
Suse Linux Enterprise Software Development Kit
Search vendor "Novell" for product "Suse Linux Enterprise Software Development Kit"
11.0
Search vendor "Novell" for product "Suse Linux Enterprise Software Development Kit" and version "11.0"
sp4
Affected
Novell
Search vendor "Novell"
Suse Linux Enterprise Software Development Kit
Search vendor "Novell" for product "Suse Linux Enterprise Software Development Kit"
12.0
Search vendor "Novell" for product "Suse Linux Enterprise Software Development Kit" and version "12.0"
-
Affected
Novell
Search vendor "Novell"
Suse Linux Enterprise Software Development Kit
Search vendor "Novell" for product "Suse Linux Enterprise Software Development Kit"
12.0
Search vendor "Novell" for product "Suse Linux Enterprise Software Development Kit" and version "12.0"
sp1
Affected
Novell
Search vendor "Novell"
Suse Linux Enterprise Debuginfo
Search vendor "Novell" for product "Suse Linux Enterprise Debuginfo"
11.0
Search vendor "Novell" for product "Suse Linux Enterprise Debuginfo" and version "11.0"
sp4
Affected
Novell
Search vendor "Novell"
Suse Linux Enterprise Desktop
Search vendor "Novell" for product "Suse Linux Enterprise Desktop"
12.0
Search vendor "Novell" for product "Suse Linux Enterprise Desktop" and version "12.0"
-
Affected
Novell
Search vendor "Novell"
Suse Linux Enterprise Desktop
Search vendor "Novell" for product "Suse Linux Enterprise Desktop"
12.0
Search vendor "Novell" for product "Suse Linux Enterprise Desktop" and version "12.0"
sp1
Affected
Novell
Search vendor "Novell"
Suse Linux Enterprise Live Patching
Search vendor "Novell" for product "Suse Linux Enterprise Live Patching"
12.0
Search vendor "Novell" for product "Suse Linux Enterprise Live Patching" and version "12.0"
-
Affected
Novell
Search vendor "Novell"
Suse Linux Enterprise Module For Public Cloud
Search vendor "Novell" for product "Suse Linux Enterprise Module For Public Cloud"
12.0
Search vendor "Novell" for product "Suse Linux Enterprise Module For Public Cloud" and version "12.0"
-
Affected
Novell
Search vendor "Novell"
Suse Linux Enterprise Real Time Extension
Search vendor "Novell" for product "Suse Linux Enterprise Real Time Extension"
12.0
Search vendor "Novell" for product "Suse Linux Enterprise Real Time Extension" and version "12.0"
sp1
Affected
Novell
Search vendor "Novell"
Suse Linux Enterprise Server
Search vendor "Novell" for product "Suse Linux Enterprise Server"
11.0
Search vendor "Novell" for product "Suse Linux Enterprise Server" and version "11.0"
extra
Affected
Novell
Search vendor "Novell"
Suse Linux Enterprise Server
Search vendor "Novell" for product "Suse Linux Enterprise Server"
11.0
Search vendor "Novell" for product "Suse Linux Enterprise Server" and version "11.0"
sp4
Affected
Novell
Search vendor "Novell"
Suse Linux Enterprise Server
Search vendor "Novell" for product "Suse Linux Enterprise Server"
12.0
Search vendor "Novell" for product "Suse Linux Enterprise Server" and version "12.0"
-
Affected
Novell
Search vendor "Novell"
Suse Linux Enterprise Server
Search vendor "Novell" for product "Suse Linux Enterprise Server"
12.0
Search vendor "Novell" for product "Suse Linux Enterprise Server" and version "12.0"
sp1
Affected
Novell
Search vendor "Novell"
Suse Linux Enterprise Workstation Extension
Search vendor "Novell" for product "Suse Linux Enterprise Workstation Extension"
12.0
Search vendor "Novell" for product "Suse Linux Enterprise Workstation Extension" and version "12.0"
-
Affected
Novell
Search vendor "Novell"
Suse Linux Enterprise Workstation Extension
Search vendor "Novell" for product "Suse Linux Enterprise Workstation Extension"
12.0
Search vendor "Novell" for product "Suse Linux Enterprise Workstation Extension" and version "12.0"
sp1
Affected