Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 10 May 2016 15:27:58 -0400
From: Kangjie Lu <>
To:, Chengyu Song <>, 
	Insu Yun <>, Taesoo Kim <>
Subject: CVE Request: alsa: kernel information leak vulnerability in Linux sound/core/timer


In function snd_timer_user_ccallback() of file sound/core/timer.c,
the stack object “r1” has a total size of 32 bytes. Its field “event” and
“val” both
contain 4 bytes padding. These 8 bytes padding bytes are sent to user
being initialized.

Fix info:
Patch has been applied:

Please help assign a CVE to this vulnerability.

Kangjie Lu

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ