sound/core/timer.c in the Linux kernel before 4.11.5 is vulnerable to a data race in the ALSA /dev/snd/timer driver resulting in local users being able to read information belonging to other users, i.e., uninitialized memory contents may be disclosed when a read and an ioctl happen at the same time.
[
{
"id": "CVE-2017-1000380-afea556d",
"deprecated": false,
"signature_type": "Function",
"digest": {
"function_hash": "3682597822726785650698992460539468244",
"length": 1347.0
},
"signature_version": "v1",
"target": {
"function": "snd_timer_user_read",
"file": "sound/core/timer.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git@d11662f4f798b50d8c8743f433842c3e40fe3378"
},
{
"id": "CVE-2017-1000380-cc89b7ad",
"deprecated": false,
"signature_type": "Line",
"digest": {
"line_hashes": [
"162278571850480146569868347555457492488",
"240123893275942123685160095464230617683",
"269434086816415661716780239250682401837",
"199401779655786599744435086372079489542",
"166464830113669978487915196761191360498",
"64556276443253226101710764118788141700",
"305404642050216255357166273310898564780",
"333324449149275494027284023533528946466",
"154641819525864092995759484600459137897",
"108336475135611143692946335437303640129",
"311325814843786208354147625428720980009",
"153494727234178399763086820781785750178",
"273020138776618984114780253342940288516",
"164175054867123812798700111091601864635",
"96341113765268710730460215777640595013",
"339327850949137143187244569060662467449",
"153804710164679821931512495165169497378",
"231986276998070189428417214449016142878",
"233880549088727816480929593159465195649",
"145289253296215923864305859502600806965",
"168194319869055013654384798166552143485"
],
"threshold": 0.9
},
"signature_version": "v1",
"target": {
"file": "sound/core/timer.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git@d11662f4f798b50d8c8743f433842c3e40fe3378"
}
]
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-1000380.json"
[
{
"id": "CVE-2017-1000380-78f9bfe8",
"deprecated": false,
"signature_type": "Function",
"digest": {
"function_hash": "37472695382594822718662002014266195530",
"length": 1381.0
},
"signature_version": "v1",
"target": {
"function": "snd_timer_user_tselect",
"file": "sound/core/timer.c"
},
"source": "https://github.com/torvalds/linux/commit/ba3021b2c79b2fa9114f92790a99deb27a65b728"
},
{
"id": "CVE-2017-1000380-8c9e4093",
"deprecated": false,
"signature_type": "Line",
"digest": {
"line_hashes": [
"162278571850480146569868347555457492488",
"240123893275942123685160095464230617683",
"269434086816415661716780239250682401837",
"199401779655786599744435086372079489542",
"166464830113669978487915196761191360498",
"64556276443253226101710764118788141700",
"305404642050216255357166273310898564780",
"333324449149275494027284023533528946466",
"154641819525864092995759484600459137897",
"108336475135611143692946335437303640129",
"311325814843786208354147625428720980009",
"153494727234178399763086820781785750178",
"273020138776618984114780253342940288516",
"164175054867123812798700111091601864635",
"96341113765268710730460215777640595013",
"339327850949137143187244569060662467449",
"153804710164679821931512495165169497378",
"231986276998070189428417214449016142878",
"233880549088727816480929593159465195649",
"145289253296215923864305859502600806965",
"168194319869055013654384798166552143485"
],
"threshold": 0.9
},
"signature_version": "v1",
"target": {
"file": "sound/core/timer.c"
},
"source": "https://github.com/torvalds/linux/commit/d11662f4f798b50d8c8743f433842c3e40fe3378"
},
{
"id": "CVE-2017-1000380-a8a6accf",
"deprecated": false,
"signature_type": "Line",
"digest": {
"line_hashes": [
"119403327620937143391140136567351614136",
"258400915994369250794647330054076358380",
"226988369532796915758318207821279982396"
],
"threshold": 0.9
},
"signature_version": "v1",
"target": {
"file": "sound/core/timer.c"
},
"source": "https://github.com/torvalds/linux/commit/ba3021b2c79b2fa9114f92790a99deb27a65b728"
},
{
"id": "CVE-2017-1000380-aa07b5f7",
"deprecated": false,
"signature_type": "Function",
"digest": {
"function_hash": "3682597822726785650698992460539468244",
"length": 1347.0
},
"signature_version": "v1",
"target": {
"function": "snd_timer_user_read",
"file": "sound/core/timer.c"
},
"source": "https://github.com/torvalds/linux/commit/d11662f4f798b50d8c8743f433842c3e40fe3378"
}
]
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-1000380.json"