oss-sec mailing list archives

CVE Request: ALSA: Another information leak vulnerability in sound/core/timer

From: Kangjie Lu <kangjielu () gmail com>
Date: Tue, 10 May 2016 15:30:24 -0400

Hello,

In function snd_timer_user_tinterrupt() of file sound/core/timer.c,
the stack object “r1” has a total size of 32 bytes. Its field “event” and
“val” both
contain 4 bytes padding. These 8 bytes padding bytes are sent to user
without
being initialized.

Fix info:
*https://git.kernel.org/cgit/linux/kernel/git/tiwai/sound.git/commit/?h=for-next&id=e4ec8cc8039a7063e24204299b462bd1383184a5
<https://git.kernel.org/cgit/linux/kernel/git/tiwai/sound.git/commit/?h=for-next&id=e4ec8cc8039a7063e24204299b462bd1383184a5>*
Patch has been applied: http://comments.gmane.org/gmane.linux.kernel/2214250

Please help assign a CVE to this vulnerability.

Thanks,
Kangjie Lu

Current thread:

CVE Request: ALSA: Another information leak vulnerability in sound/core/timer Kangjie Lu (May 10)