The sndtimeruser_params function in sound/core/timer.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface.
{ "vanir_signatures": [ { "signature_version": "v1", "source": "https://github.com/torvalds/linux/commit/cec8f96e49d9be372fdb0c3836dcf31ec71e457e", "deprecated": false, "signature_type": "Function", "target": { "file": "sound/core/timer.c", "function": "snd_timer_user_params" }, "id": "CVE-2016-4569-014744e6", "digest": { "function_hash": "118125841286863328382855202895200389985", "length": 2685.0 } }, { "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git@cec8f96e49d9be372fdb0c3836dcf31ec71e457e", "deprecated": false, "signature_type": "Line", "target": { "file": "sound/core/timer.c" }, "id": "CVE-2016-4569-79090403", "digest": { "line_hashes": [ "105360571433215671150221901625046448946", "249624640574873768486877338186070479432", "131805482525612158179530408061871325057", "332565174836649587625399280206260812406" ], "threshold": 0.9 } }, { "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git@cec8f96e49d9be372fdb0c3836dcf31ec71e457e", "deprecated": false, "signature_type": "Function", "target": { "file": "sound/core/timer.c", "function": "snd_timer_user_params" }, "id": "CVE-2016-4569-8246a98e", "digest": { "function_hash": "118125841286863328382855202895200389985", "length": 2685.0 } }, { "signature_version": "v1", "source": "https://github.com/torvalds/linux/commit/cec8f96e49d9be372fdb0c3836dcf31ec71e457e", "deprecated": false, "signature_type": "Line", "target": { "file": "sound/core/timer.c" }, "id": "CVE-2016-4569-f94b922a", "digest": { "line_hashes": [ "105360571433215671150221901625046448946", "249624640574873768486877338186070479432", "131805482525612158179530408061871325057", "332565174836649587625399280206260812406" ], "threshold": 0.9 } } ] }