CVE-2016-4569
Publication date 23 May 2016
Last updated 24 July 2024
Ubuntu priority
Cvss 3 Severity Score
The snd_timer_user_params function in sound/core/timer.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface.
From the Ubuntu Security Team
Kangjie Lu discovered an information leak in the timer handling implementation in the Advanced Linux Sound Architecture (ALSA) subsystem of the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory.
Status
Package | Ubuntu Release | Status |
---|---|---|
linux | ||
16.04 LTS xenial |
Fixed 4.4.0-28.47
|
|
14.04 LTS trusty |
Fixed 3.13.0-91.138
|
|
linux-armadaxp | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-aws | ||
16.04 LTS xenial |
Not affected
|
|
14.04 LTS trusty |
Not affected
|
|
linux-flo | ||
16.04 LTS xenial | Ignored abandoned | |
14.04 LTS trusty | Not in release | |
linux-gke | ||
16.04 LTS xenial |
Not affected
|
|
14.04 LTS trusty | Not in release | |
linux-goldfish | ||
16.04 LTS xenial | Ignored abandoned | |
14.04 LTS trusty | Not in release | |
linux-grouper | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-hwe | ||
16.04 LTS xenial |
Not affected
|
|
14.04 LTS trusty | Not in release | |
linux-hwe-edge | ||
16.04 LTS xenial |
Not affected
|
|
14.04 LTS trusty | Not in release | |
linux-linaro-omap | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-linaro-shared | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-linaro-vexpress | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-lts-quantal | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-lts-raring | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-lts-saucy | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-lts-trusty | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-lts-utopic | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty |
Fixed 3.16.0-76.98~14.04.1
|
|
linux-lts-vivid | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty |
Fixed 3.19.0-64.72~14.04.1
|
|
linux-lts-wily | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty |
Fixed 4.2.0-41.48~14.04.1
|
|
linux-lts-xenial | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty |
Fixed 4.4.0-28.47~14.04.1
|
|
linux-maguro | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-mako | ||
16.04 LTS xenial | Ignored abandoned | |
14.04 LTS trusty | Not in release | |
linux-manta | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-qcm-msm | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-raspi2 | ||
16.04 LTS xenial |
Fixed 4.4.0-1016.22
|
|
14.04 LTS trusty | Not in release | |
linux-snapdragon | ||
16.04 LTS xenial |
Fixed 4.4.0-1019.22
|
|
14.04 LTS trusty | Not in release | |
linux-ti-omap4 | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
Notes
jdstrand
android kernels (flo, goldfish, grouper, maguro, mako and manta) are not supported on the Ubuntu Touch 14.10 and earlier preview kernels linux-lts-saucy no longer receives official support linux-lts-quantal no longer receives official support
Severity score breakdown
Parameter | Value |
---|---|
Base score | 5.5 · Medium |
Attack vector | Local |
Attack complexity | Low |
Privileges required | Low |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | None |
Availability impact | None |
Vector | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
References
Related Ubuntu Security Notices (USN)
- USN-3020-1
- Linux kernel (Vivid HWE) vulnerabilities
- 27 June 2016
- USN-3018-2
- Linux kernel (Trusty HWE) vulnerabilities
- 27 June 2016
- USN-3018-1
- Linux kernel vulnerabilities
- 27 June 2016
- USN-3021-2
- Linux kernel (OMAP4) vulnerabilities
- 27 June 2016
- USN-3021-1
- Linux kernel vulnerabilities
- 27 June 2016
- USN-3019-1
- Linux kernel (Utopic HWE) vulnerabilities
- 27 June 2016
- USN-3017-3
- Linux kernel (Wily HWE) vulnerabilities
- 27 June 2016
- USN-3016-1
- Linux kernel vulnerabilities
- 27 June 2016
- USN-3016-3
- Linux kernel (Qualcomm Snapdragon) vulnerabilities
- 27 June 2016
- USN-3016-4
- Linux kernel (Xenial HWE) vulnerabilities
- 27 June 2016
- USN-3016-2
- Linux kernel (Raspberry Pi 2) vulnerabilities
- 27 June 2016
- USN-3017-1
- Linux kernel vulnerabilities
- 27 June 2016
- USN-3017-2
- Linux kernel (Raspberry Pi 2) vulnerabilities
- 27 June 2016