Medium severity5.5NVD Advisory· Published Jun 17, 2017· Updated May 13, 2026
CVE-2017-1000380
CVE-2017-1000380
Description
sound/core/timer.c in the Linux kernel before 4.11.5 is vulnerable to a data race in the ALSA /dev/snd/timer driver resulting in local users being able to read information belonging to other users, i.e., uninitialized memory contents may be disclosed when a read and an ioctl happen at the same time.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
12- git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/nvdIssue TrackingPatchThird Party Advisory
- git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/nvdIssue TrackingPatchThird Party Advisory
- www.openwall.com/lists/oss-security/2017/06/12/2nvdIssue TrackingPatchThird Party Advisory
- github.com/torvalds/linux/commit/ba3021b2c79b2fa9114f92790a99deb27a65b728nvdIssue TrackingPatchThird Party Advisory
- github.com/torvalds/linux/commit/d11662f4f798b50d8c8743f433842c3e40fe3378nvdIssue TrackingPatchThird Party Advisory
- www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.5nvdRelease NotesVendor Advisory
- www.securityfocus.com/bid/99121nvdThird Party AdvisoryVDB Entry
- www.debian.org/security/2017/dsa-3981nvd
- access.redhat.com/errata/RHSA-2017:3295nvd
- access.redhat.com/errata/RHSA-2017:3315nvd
- access.redhat.com/errata/RHSA-2017:3322nvd
- source.android.com/security/bulletin/pixel/2017-12-01nvd
News mentions
0No linked articles in our index yet.