Bug 193797 - media-sound/alsa-driver: snd_mem_proc_read() Information Disclosure (CVE-2007-4571)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
Importance: High minor
Assignee: Gentoo Security
URL: http://labs.idefense.com/intelligence...
Whiteboard: B4 [noglsa]
Keywords:
Depends on: 194617
Blocks:
Reported: 2007-09-25 21:28 UTC by Robert Buchholz (RETIRED)
Modified: 2007-11-07 20:58 UTC (History)
See Also:
Package list:
Runtime testing required: ---
Description Robert Buchholz (RETIRED) gentoo-dev 2007-09-25 21:28:57 UTC
+++ This bug was initially created as a clone of Bug #193796 +++

Local exploitation of an information disclosure vulnerability within the ALSA driver included in the Linux Kernel allows attackers to obtain sensitive information from kernel memory.

The problem lies within the handling of multiple reads from the "/proc/driver/snd-page-alloc" file. The kernel side function that handles the read system call, "snd_mem_proc_read", is defined in sound/core/memalloc.c.

The fix is available with 2.6.22.8 or in this commit:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ccec6e2c4a74adf76ed4e2478091a311b1806212
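The description above names the bug class but not its mechanics. The following userspace model is an added example, not the kernel's code and not a claim about the exact defect in snd_mem_proc_read: a proc-style read handler formats a report into a fixed page buffer and is called repeatedly with an advancing file position. The leaky variant stops only at the end of the page rather than at the end of the formatted data, so later reads return whatever the buffer held beyond the report (here a constructed 'K' fill stands in for stale kernel memory). The bounded variant returns EOF once the position reaches the report length and never copies past it. The record list, device names and page counts are constructed.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define PAGE_LEN 256

/* Constructed stand-in for the per-buffer records the proc file reports. */
struct alloc_rec { const char *dev; size_t pages; };
static const struct alloc_rec recs[] = { {"card0", 4}, {"card1", 16} };

/* Format the report into page; returns the number of bytes written (excluding NUL). */
static size_t format_report(char *page)
{
    size_t len = 0;
    for (size_t i = 0; i < sizeof recs / sizeof recs[0]; i++)
        len += (size_t)snprintf(page + len, PAGE_LEN - len, "%s: %zu pages\n",
                                recs[i].dev, recs[i].pages);
    return len;
}

/* Leaky pattern: the copy is bounded by the page size, not by the bytes
 * actually formatted, so reads past the report return buffer residue. */
size_t leaky_read(char *out, size_t count, size_t *pos)
{
    char page[PAGE_LEN];
    memset(page, 'K', sizeof page);      /* constructed marker for stale memory */
    format_report(page);                 /* report length is discarded */
    if (*pos >= PAGE_LEN)
        return 0;
    size_t n = PAGE_LEN - *pos;
    if (n > count)
        n = count;
    memcpy(out, page + *pos, n);
    *pos += n;
    return n;
}

/* Bounded pattern: honour the file position against the report length,
 * signal EOF at its end, and copy at most the remaining report bytes. */
size_t bounded_read(char *out, size_t count, size_t *pos)
{
    char page[PAGE_LEN];
    memset(page, 'K', sizeof page);
    size_t len = format_report(page);
    if (*pos >= len)
        return 0;                        /* EOF: nothing beyond the report */
    size_t n = len - *pos;
    if (n > count)
        n = count;
    memcpy(out, page + *pos, n);
    *pos += n;
    return n;
}

/* Drive a handler in 64-byte reads until EOF, like a userspace cat loop.
 * Returns the number of marker bytes that reached the caller; *total
 * receives the total bytes returned. */
size_t count_leaked(size_t (*rd)(char *, size_t, size_t *), size_t *total)
{
    char out[64];
    size_t pos = 0, leaked = 0, n;
    *total = 0;
    while ((n = rd(out, sizeof out, &pos)) > 0) {
        *total += n;
        for (size_t i = 0; i < n; i++)
            if (out[i] == 'K')
                leaked++;
    }
    return leaked;
}

int main(void)
{
    size_t total;
    size_t leaked = count_leaked(leaky_read, &total);
    printf("leaky:   %zu bytes returned, %zu residue bytes exposed\n", total, leaked);
    leaked = count_leaked(bounded_read, &total);
    printf("bounded: %zu bytes returned, %zu residue bytes exposed\n", total, leaked);
    return 0;
}
```

The detection angle for a reviewer is the same in both models: any read callback that copies out of a scratch buffer must bound the copy by the number of bytes it formatted, not by the buffer size, and must report EOF once the position passes that length; the two-record report here is 31 bytes, so every byte the leaky handler returns beyond that is residue.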
Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2007-09-25 21:31:23 UTC
This might be an issue for the non-kernel modules, too.

Alsa, please advise.
Comment 2 Daniel Drake (RETIRED) gentoo-dev 2007-09-25 21:52:03 UTC
yes, alsa-driver is also affected
Comment 3 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-09-29 14:38:20 UTC
alsa, please provide a fixed version of alsa-driver.
Comment 4 Christian Heim (RETIRED) gentoo-dev 2007-10-03 13:50:30 UTC
It's in the tree now, alsa-driver-1.0.14-r1.
Comment 5 Christian Heim (RETIRED) gentoo-dev 2007-10-03 16:51:46 UTC
Guess, we'll have to wait a bit :(
Comment 6 Christian Heim (RETIRED) gentoo-dev 2007-10-03 18:04:24 UTC
(In reply to comment #5)
> Guess, we'll have to wait a bit :(

Fixed!
Comment 7 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-10-03 18:07:27 UTC
arches, please test and mark stable media-sound/alsa-driver-1.0.14-r1
target "alpha amd64 ia64 ~mips ppc ppc64 x86"
Comment 8 Christian Faulhammer (RETIRED) gentoo-dev 2007-10-03 23:16:43 UTC
x86 stable
Comment 9 Tobias Scherbaum (RETIRED) gentoo-dev 2007-10-06 21:04:12 UTC
ppc stable
Comment 10 Markus Rothe (RETIRED) gentoo-dev 2007-10-11 09:46:45 UTC
ppc64 stable
Comment 11 Chris Gianelloni (RETIRED) gentoo-dev 2007-10-17 00:55:11 UTC
Sorry that it took so long, but amd64 is done.
Comment 12 Tobias Klausmann (RETIRED) gentoo-dev 2007-10-20 17:12:37 UTC
1.0.14-r1 bombs on my XP1000:

  CC [M]  /var/tmp/portage/media-sound/alsa-driver-1.0.14-r1/work/alsa-driver-1.0.14/acore/rawmidi.o
  CC [M]  /var/tmp/portage/media-sound/alsa-driver-1.0.14-r1/work/alsa-driver-1.0.14/acore/timer.o
  CC [M]  /var/tmp/portage/media-sound/alsa-driver-1.0.14-r1/work/alsa-driver-1.0.14/acore/sound.o
/var/tmp/portage/media-sound/alsa-driver-1.0.14-r1/work/alsa-driver-1.0.14/acore/sound.c: In function ‘alsa_sound_exit’:
/var/tmp/portage/media-sound/alsa-driver-1.0.14-r1/work/alsa-driver-1.0.14/acore/sound.c:552: error: void value not ignored as it ought to be
make[4]: *** [/var/tmp/portage/media-sound/alsa-driver-1.0.14-r1/work/alsa-driver-1.0.14/acore/sound.o] Error 1
make[3]: *** [/var/tmp/portage/media-sound/alsa-driver-1.0.14-r1/work/alsa-driver-1.0.14/acore] Error 2
make[2]: *** [_module_/var/tmp/portage/media-sound/alsa-driver-1.0.14-r1/work/alsa-driver-1.0.14] Error 2
make[1]: *** [modules] Error 2
make[1]: Leaving directory `/usr/src/linux-2.6.23-rc3'
make: *** [compile] Error 2


# emerge --info
Portage 2.1.3.12 (default-linux/alpha/2007.0/desktop, gcc-4.1.2, glibc-2.6.1-r0, 2.6.23-rc3 alpha)
=================================================================
System uname: 2.6.23-rc3 alpha EV6
Timestamp of tree: Sat, 13 Oct 2007 17:50:01 +0000
distcc 2.18.3 alpha-unknown-linux-gnu (protocols 1 and 2) (default port 3632) [enabled]
app-shells/bash:     3.2_p17-r1
dev-lang/python:     2.4.4-r4, 2.5.1-r2
dev-python/pycrypto: 2.0.1-r6
sys-apps/baselayout: 2.0.0_rc4-r1
sys-apps/sandbox:    1.2.18.1
sys-devel/autoconf:  2.13, 2.61-r1
sys-devel/automake:  1.5, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10
sys-devel/binutils:  2.18-r1
sys-devel/gcc-config: 1.4.0-r4
sys-devel/libtool:   1.5.24
virtual/os-headers:  2.6.22-r2
ACCEPT_KEYWORDS="alpha ~alpha"
CBUILD="alpha-unknown-linux-gnu"
CFLAGS="-mieee -pipe -O2 -mcpu=ev6"
CHOST="alpha-unknown-linux-gnu"
CONFIG_PROTECT="/etc"
CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/terminfo /etc/texmf/web2c /etc/udev/rules.d"
CXXFLAGS="-mieee -pipe -O2 -mcpu=ev6"
DISTDIR="/usr/portage/distfiles"
FEATURES="distcc distlocks metadata-transfer parallel-fetch sandbox sfperms strict unmerge-orphans userfetch userpriv usersandbox"
GENTOO_MIRRORS="http://mirrors.sec.informatik.tu-darmstadt.de/gentoo/ http://gentoo.mirror.solnet.ch http://pandemonium.tiscali.de/pub/gentoo/"
INSTALL_MASK="/etc/udev/rules.d/75-persistent-net-generator.rules"
LC_ALL="en_US.utf8"
MAKEOPTS="-j1"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --filter=H_**/files/digest-*"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync5.de.gentoo.org/gentoo-portage"
USE="X acl alpha alsa ao apache2 audacious audiofile bash-completion berkdb bitmap-fonts bzip2 cairo calendar cdparanoia cdr cli cracklib crypt cups dbus dio dri dvdr dvdread encode ethereal evo exif fam ffmpeg fftw firefox flac fortran ftp gdbm gif gpm gstreamer gtk hal iconv imlib2 isdnlog jpeg kdeenablefinal libcaca libsamplerate lua mad matroska midi mikmod mmap mng moznocompose moznoirc moznomail mozsvg mp3 mpeg mudflap ncurses network-cron nls nptl nptlonly offensive ogg openmp oss pam pcre pdf pdflib perl png pnm ppds pppd python qt3 qt3support qt4 quicktime rar readline recode reflection session sharedmem sndfile sockets sox spell spl ssl svg szip tcpd tetex theora truetype truetype-fonts type1-fonts unicode usb v4l v4l2 vcd vidix vim vim-pager vlm vorbis xcb xml xorg xosd xpm xv xvid zlib" ALSA_CARDS="ali5451 als4000 bt87x ca0106 cmipci emu10k1 ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 maestro3 trident usb-audio via82xx ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route share shm softvol" ELIBC="glibc" INPUT_DEVICES="keyboard mouse" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" USERLAND="GNU" VIDEO_CARDS="vga glint mga"
Unset:  CTARGET, EMERGE_DEFAULT_OPTS, LANG, LDFLAGS, LINGUAS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
Comment 13 Daniel Drake (RETIRED) gentoo-dev 2007-10-21 16:25:45 UTC
Haven't checked, but that looks like an unrelated issue (i.e. previous versions will also fail against that kernel). Open a new bug if there isn't one already.
Comment 14 Tobias Klausmann (RETIRED) gentoo-dev 2007-10-22 20:05:15 UTC
Ysowink and I narrowed my problem down to being with .23 kernels. On top of the issue I found, it also has the known sandbox violations that 2.3 is rife with.

So I tested against gentoo-sources-2.6.21-gentoo-r4, which is alpha's current stable kernel.

And it works out fine. It also makes all the right noises :)
Comment 15 Raúl Porcel (RETIRED) gentoo-dev 2007-10-22 20:37:05 UTC
alpha stable and ia64 keyword dropped, thanks Tobias for testing
Comment 16 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-10-26 09:05:30 UTC
ready for glsa decision. It's a local issue, rather hard to exploit, so I vote NO.
Comment 17 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-11-07 20:58:35 UTC
Voting NO and closing.