{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-05-09T00:00:00", "descriptions": [{"lang": "en", "value": "The snd_timer_user_params function in sound/core/timer.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-01-04T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "SUSE-SU-2016:1690", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"}, {"name": "SUSE-SU-2016:1696", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"}, {"name": "USN-3017-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-3017-1"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cec8f96e49d9be372fdb0c3836dcf31ec71e457e"}, {"name": "SUSE-SU-2016:1985", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"}, {"name": "[oss-security] 20160509 Re: CVE Request: kernel information leak vulnerability in Linux sound module", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2016/05/09/17"}, {"name": "USN-3017-3", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-3017-3"}, {"name": "openSUSE-SU-2016:2184", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"}, {"name": "USN-3018-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-3018-2"}, {"name": "USN-3021-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-3021-2"}, {"name": "USN-3017-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-3017-2"}, {"name": "RHSA-2016:2584", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2584.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1334643"}, {"name": "RHSA-2016:2574", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html"}, {"name": "USN-3019-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-3019-1"}, {"name": "openSUSE-SU-2016:1641", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/torvalds/linux/commit/cec8f96e49d9be372fdb0c3836dcf31ec71e457e"}, {"name": "DSA-3607", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2016/dsa-3607"}, {"name": "USN-3016-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-3016-2"}, {"name": "USN-3016-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-3016-1"}, {"name": "SUSE-SU-2016:1672", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"}, {"name": "USN-3021-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-3021-1"}, {"name": "USN-3018-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-3018-1"}, {"name": "90347", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/90347"}, {"name": "SUSE-SU-2016:2105", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"}, {"name": "USN-3016-3", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-3016-3"}, {"name": "USN-3016-4", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-3016-4"}, {"name": "USN-3020-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-3020-1"}, {"name": "SUSE-SU-2016:1937", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-4569", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The snd_timer_user_params function in sound/core/timer.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "SUSE-SU-2016:1690", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"}, {"name": "SUSE-SU-2016:1696", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"}, {"name": "USN-3017-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-3017-1"}, {"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cec8f96e49d9be372fdb0c3836dcf31ec71e457e", "refsource": "CONFIRM", "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cec8f96e49d9be372fdb0c3836dcf31ec71e457e"}, {"name": "SUSE-SU-2016:1985", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"}, {"name": "[oss-security] 20160509 Re: CVE Request: kernel information leak vulnerability in Linux sound module", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/05/09/17"}, {"name": "USN-3017-3", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-3017-3"}, {"name": "openSUSE-SU-2016:2184", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"}, {"name": "USN-3018-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-3018-2"}, {"name": "USN-3021-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-3021-2"}, {"name": "USN-3017-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-3017-2"}, {"name": "RHSA-2016:2584", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-2584.html"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1334643", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1334643"}, {"name": "RHSA-2016:2574", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html"}, {"name": "USN-3019-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-3019-1"}, {"name": "openSUSE-SU-2016:1641", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html"}, {"name": "https://github.com/torvalds/linux/commit/cec8f96e49d9be372fdb0c3836dcf31ec71e457e", "refsource": "CONFIRM", "url": "https://github.com/torvalds/linux/commit/cec8f96e49d9be372fdb0c3836dcf31ec71e457e"}, {"name": "DSA-3607", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3607"}, {"name": "USN-3016-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-3016-2"}, {"name": "USN-3016-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-3016-1"}, {"name": "SUSE-SU-2016:1672", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"}, {"name": "USN-3021-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-3021-1"}, {"name": "USN-3018-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-3018-1"}, {"name": "90347", "refsource": "BID", "url": "http://www.securityfocus.com/bid/90347"}, {"name": "SUSE-SU-2016:2105", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"}, {"name": "USN-3016-3", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-3016-3"}, {"name": "USN-3016-4", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-3016-4"}, {"name": "USN-3020-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-3020-1"}, {"name": "SUSE-SU-2016:1937", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T00:32:26.040Z"}, "title": "CVE Program Container", "references": [{"name": "SUSE-SU-2016:1690", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"}, {"name": "SUSE-SU-2016:1696", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"}, {"name": "USN-3017-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-3017-1"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cec8f96e49d9be372fdb0c3836dcf31ec71e457e"}, {"name": "SUSE-SU-2016:1985", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"}, {"name": "[oss-security] 20160509 Re: CVE Request: kernel information leak vulnerability in Linux sound module", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2016/05/09/17"}, {"name": "USN-3017-3", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-3017-3"}, {"name": "openSUSE-SU-2016:2184", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"}, {"name": "USN-3018-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-3018-2"}, {"name": "USN-3021-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-3021-2"}, {"name": "USN-3017-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-3017-2"}, {"name": "RHSA-2016:2584", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2584.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1334643"}, {"name": "RHSA-2016:2574", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html"}, {"name": "USN-3019-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-3019-1"}, {"name": "openSUSE-SU-2016:1641", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/torvalds/linux/commit/cec8f96e49d9be372fdb0c3836dcf31ec71e457e"}, {"name": "DSA-3607", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2016/dsa-3607"}, {"name": "USN-3016-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-3016-2"}, {"name": "USN-3016-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-3016-1"}, {"name": "SUSE-SU-2016:1672", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"}, {"name": "USN-3021-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-3021-1"}, {"name": "USN-3018-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-3018-1"}, {"name": "90347", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/90347"}, {"name": "SUSE-SU-2016:2105", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"}, {"name": "USN-3016-3", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-3016-3"}, {"name": "USN-3016-4", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-3016-4"}, {"name": "USN-3020-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-3020-1"}, {"name": "SUSE-SU-2016:1937", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-4569", "datePublished": "2016-05-23T10:00:00", "dateReserved": "2016-05-09T00:00:00", "dateUpdated": "2024-08-06T00:32:26.040Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E9F34BEC-51BF-44FB-8919-029E2E8E5690", "versionEndIncluding": "4.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:11.0:sp4:*:*:*:*:*:*", "matchCriteriaId": "A5FDEDA8-6F51-4945-B443-438CC987F235", "vulnerable": true}, {"criteria": "cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:12.0:*:*:*:*:*:*:*", "matchCriteriaId": "336EC5B8-6FD8-42BB-9530-58A15238CEE1", "vulnerable": true}, {"criteria": "cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:12.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "01E6CAD9-DC1F-4C7C-8C8E-98E4BFABAC94", "vulnerable": true}, {"criteria": "cpe:2.3:o:novell:suse_linux_enterprise_debuginfo:11.0:sp4:*:*:*:*:*:*", "matchCriteriaId": "E090E7B3-2346-463D-8A0C-8B482500CB42", "vulnerable": true}, {"criteria": "cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:*:*:*:*:*:*:*", "matchCriteriaId": "EA04C9F1-6257-4D82-BA0B-37DE66D94736", "vulnerable": true}, {"criteria": "cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "6359EF76-9371-4418-8694-B604CF02CF63", "vulnerable": true}, {"criteria": "cpe:2.3:o:novell:suse_linux_enterprise_live_patching:12.0:*:*:*:*:*:*:*", "matchCriteriaId": "CCAAE4A1-D542-43F3-B7FC-685BCDB248D5", "vulnerable": true}, {"criteria": "cpe:2.3:o:novell:suse_linux_enterprise_module_for_public_cloud:12.0:*:*:*:*:*:*:*", "matchCriteriaId": "A961CBC6-3CA1-4A0F-BBE0-8F6315781B7C", "vulnerable": true}, {"criteria": "cpe:2.3:o:novell:suse_linux_enterprise_real_time_extension:12.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "B2905A9C-3E00-4188-8341-E5C2F62EF405", "vulnerable": true}, {"criteria": "cpe:2.3:o:novell:suse_linux_enterprise_server:11.0:extra:*:*:*:*:*:*", "matchCriteriaId": "A8877923-3E50-4F71-B501-E6997894D07E", "vulnerable": true}, {"criteria": "cpe:2.3:o:novell:suse_linux_enterprise_server:11.0:sp4:*:*:*:*:*:*", "matchCriteriaId": "ADE9D807-6690-4D67-A6B3-68BBC9B50153", "vulnerable": true}, {"criteria": "cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:*:*:*:*:*:*:*", "matchCriteriaId": "C384D0B6-8A5C-45CA-8CD9-7F4E967FE4F0", "vulnerable": true}, {"criteria": "cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "81D94366-47D6-445A-A811-39327B150FCD", "vulnerable": true}, {"criteria": "cpe:2.3:o:novell:suse_linux_enterprise_workstation_extension:12.0:*:*:*:*:*:*:*", "matchCriteriaId": "DF461FB4-8BA5-4065-9A69-DC017D3611C3", "vulnerable": true}, {"criteria": "cpe:2.3:o:novell:suse_linux_enterprise_workstation_extension:12.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "1F003591-0639-476C-A014-03F06A274880", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The snd_timer_user_params function in sound/core/timer.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface."}, {"lang": "es", "value": "La funci\u00f3n snd_timer_user_params en sound/core/timer.c en el kernel de Linux hasta la versi\u00f3n 4.6 no inicializa una estructura de datos determinada, lo que permite a usuarios locales obtener informaci\u00f3n sensible del kernel de memoria de pila a trav\u00e9s del uso manipulado de la interfaz ALSA timer."}], "id": "CVE-2016-4569", "lastModified": "2023-09-12T14:55:31.563", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-05-23T10:59:08.097", "references": [{"source": "cve@mitre.org", "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cec8f96e49d9be372fdb0c3836dcf31ec71e457e"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"}, {"source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html"}, {"source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2016-2584.html"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2016/dsa-3607"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2016/05/09/17"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/90347"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-3016-1"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-3016-2"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-3016-3"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-3016-4"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-3017-1"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-3017-2"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-3017-3"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-3018-1"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-3018-2"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-3019-1"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-3020-1"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-3021-1"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-3021-2"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1334643"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://github.com/torvalds/linux/commit/cec8f96e49d9be372fdb0c3836dcf31ec71e457e"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2016:2584", "cpe": "cpe:/a:redhat:rhel_extras_rt:7", "package": "kernel-rt-0:3.10.0-514.rt56.420.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2016-11-03T00:00:00Z"}, {"advisory": "RHSA-2016:2574", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "kernel-0:3.10.0-514.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2016-11-03T00:00:00Z"}], "bugzilla": {"description": "kernel: Information leak in Linux sound module in timer.c", "id": "1334643", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1334643"}, "csaw": false, "cvss": {"cvss_base_score": "2.1", "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "status": "verified"}, "cwe": "CWE-665", "details": ["The snd_timer_user_params function in sound/core/timer.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface.", "A vulnerability was found in Linux kernel. There is an information leak in file \"sound/core/timer.c\" of the latest mainline Linux kernel, the stack object \u201ctread\u201d has a total size of 32 bytes. It contains a 8-bytes padding, which is not initialized but sent to user via copy_to_user(), resulting a kernel leak."], "name": "CVE-2016-4569", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/a:redhat:enterprise_mrg:2", "fix_state": "Affected", "package_name": "realtime-kernel", "product_name": "Red Hat Enterprise MRG 2"}], "public_date": "2016-05-08T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2016-4569\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-4569\nhttp://comments.gmane.org/gmane.linux.kernel/2214250"], "statement": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 and 6. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and MRG-2. Future Linux kernel updates for the respective releases might address this issue.", "threat_severity": "Low"}