sound/core/timer.c in the Linux kernel before 4.11.5 is vulnerable to a data race in the ALSA /dev/snd/timer driver resulting in local users being able to read information belonging to other users, i.e., uninitialized memory contents may be disclosed when a read and an ioctl happen at the same time.
3.13.0-125.1744.4.0-87.110~14.04.14.4.0-87.1104.4.0-1026.354.4.0-1022.224.10.0-32.36~16.04.14.4.0-1065.734.4.0-1067.725.4.0-1063.66+cvm2.25.4.0-1063.66+cvm3.25.4.0-1064.67+cvm1.15.4.0-1065.68+cvm2.15.4.0-1067.70+cvm1.15.4.0-1068.71+cvm1.15.4.0-1069.72+cvm1.15.4.0-1070.73+cvm1.15.4.0-1072.75+cvm1.15.4.0-1073.76+cvm1.1+16 more5.4.0-1033.355.4.0-1035.375.4.0-1036.385.4.0-1037.395.4.0-1039.415.4.0-1041.435.4.0-1042.445.4.0-1043.455.4.0-1044.465.4.0-1046.48+41 moreExploitability
AV:LAC:LPR:LUI:NScope
S:UImpact
C:HI:NA:NCVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N