CVE-2019-19807 - In the Linux kernel before 5.3.11, sound/core/timer.c has a use-after-free caused by erroneous code

CVE-2019-19807

Summary

In the Linux kernel before 5.3.11, sound/core/timer.c has a use-after-free caused by erroneous code refactoring, aka CID-e7af6307a8a5. This is related to snd_timer_open and snd_timer_close_locked. The timeri variable was originally intended to be for a newly created timer instance, but was used for a different purpose after refactoring.

References

Vulnerable Configurations

cpe:2.3:o:linux:linux_kernel:4.9.199:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:4.9.199:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:4.9.200:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:4.9.200:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:4.14.152:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:4.14.152:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:4.14.153:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:4.14.153:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:4.19.82:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:4.19.82:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:4.19.83:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:4.19.83:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.2:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.2:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.2:-:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.2:-:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.2:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.2:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.2:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.2:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.2:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.2:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.2:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.2:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.2.1:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.2.1:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.2.2:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.2.2:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.2.3:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.2.3:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.2.4:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.2.4:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.2.5:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.2.5:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.2.6:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.2.6:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.2.7:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.2.7:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.2.8:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.2.8:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.2.9:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.2.9:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.2.10:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.2.10:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.2.11:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.2.11:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.2.12:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.2.12:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.2.13:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.2.13:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.2.14:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.2.14:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.2.15:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.2.15:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.2.16:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.2.16:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.2.17:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.2.17:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.2.18:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.2.18:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.2.19:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.2.19:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.2.20:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.2.20:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.2.21:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.2.21:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.3:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.3:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.3:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.3:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.3.1:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.3.1:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.3.2:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.3.2:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.3.3:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.3.3:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.3.4:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.3.4:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.3.5:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.3.5:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.3.6:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.3.6:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.3.7:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.3.7:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.3.8:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.3.8:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.3.9:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.3.9:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.3.10:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.3.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*

CVSS

Base:	7.2 (as of 17-01-2023 - 21:31)
Impact:
Exploitability:

CWE

CWE-416

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:L/AC:L/Au:N/C:C/I:C/A:C

redhat via4

rpms

bpftool-0:4.18.0-193.13.2.el8_2
bpftool-debuginfo-0:4.18.0-193.13.2.el8_2
kernel-0:4.18.0-193.13.2.el8_2
kernel-abi-whitelists-0:4.18.0-193.13.2.el8_2
kernel-core-0:4.18.0-193.13.2.el8_2
kernel-cross-headers-0:4.18.0-193.13.2.el8_2
kernel-debug-0:4.18.0-193.13.2.el8_2
kernel-debug-core-0:4.18.0-193.13.2.el8_2
kernel-debug-debuginfo-0:4.18.0-193.13.2.el8_2
kernel-debug-devel-0:4.18.0-193.13.2.el8_2
kernel-debug-modules-0:4.18.0-193.13.2.el8_2
kernel-debug-modules-extra-0:4.18.0-193.13.2.el8_2
kernel-debuginfo-0:4.18.0-193.13.2.el8_2
kernel-debuginfo-common-aarch64-0:4.18.0-193.13.2.el8_2
kernel-debuginfo-common-ppc64le-0:4.18.0-193.13.2.el8_2
kernel-debuginfo-common-s390x-0:4.18.0-193.13.2.el8_2
kernel-debuginfo-common-x86_64-0:4.18.0-193.13.2.el8_2
kernel-devel-0:4.18.0-193.13.2.el8_2
kernel-doc-0:4.18.0-193.13.2.el8_2
kernel-headers-0:4.18.0-193.13.2.el8_2
kernel-modules-0:4.18.0-193.13.2.el8_2
kernel-modules-extra-0:4.18.0-193.13.2.el8_2
kernel-tools-0:4.18.0-193.13.2.el8_2
kernel-tools-debuginfo-0:4.18.0-193.13.2.el8_2
kernel-tools-libs-0:4.18.0-193.13.2.el8_2
kernel-tools-libs-devel-0:4.18.0-193.13.2.el8_2
kernel-zfcpdump-0:4.18.0-193.13.2.el8_2
kernel-zfcpdump-core-0:4.18.0-193.13.2.el8_2
kernel-zfcpdump-debuginfo-0:4.18.0-193.13.2.el8_2
kernel-zfcpdump-devel-0:4.18.0-193.13.2.el8_2
kernel-zfcpdump-modules-0:4.18.0-193.13.2.el8_2
kernel-zfcpdump-modules-extra-0:4.18.0-193.13.2.el8_2
perf-0:4.18.0-193.13.2.el8_2
perf-debuginfo-0:4.18.0-193.13.2.el8_2
python3-perf-0:4.18.0-193.13.2.el8_2
python3-perf-debuginfo-0:4.18.0-193.13.2.el8_2
kernel-rt-0:4.18.0-193.13.2.rt13.65.el8_2
kernel-rt-core-0:4.18.0-193.13.2.rt13.65.el8_2
kernel-rt-debug-0:4.18.0-193.13.2.rt13.65.el8_2
kernel-rt-debug-core-0:4.18.0-193.13.2.rt13.65.el8_2
kernel-rt-debug-debuginfo-0:4.18.0-193.13.2.rt13.65.el8_2
kernel-rt-debug-devel-0:4.18.0-193.13.2.rt13.65.el8_2
kernel-rt-debug-kvm-0:4.18.0-193.13.2.rt13.65.el8_2
kernel-rt-debug-modules-0:4.18.0-193.13.2.rt13.65.el8_2
kernel-rt-debug-modules-extra-0:4.18.0-193.13.2.rt13.65.el8_2
kernel-rt-debuginfo-0:4.18.0-193.13.2.rt13.65.el8_2
kernel-rt-debuginfo-common-x86_64-0:4.18.0-193.13.2.rt13.65.el8_2
kernel-rt-devel-0:4.18.0-193.13.2.rt13.65.el8_2
kernel-rt-kvm-0:4.18.0-193.13.2.rt13.65.el8_2
kernel-rt-modules-0:4.18.0-193.13.2.rt13.65.el8_2
kernel-rt-modules-extra-0:4.18.0-193.13.2.rt13.65.el8_2
bpftool-0:4.18.0-147.24.2.el8_1
bpftool-debuginfo-0:4.18.0-147.24.2.el8_1
kernel-0:4.18.0-147.24.2.el8_1
kernel-abi-whitelists-0:4.18.0-147.24.2.el8_1
kernel-core-0:4.18.0-147.24.2.el8_1
kernel-cross-headers-0:4.18.0-147.24.2.el8_1
kernel-debug-0:4.18.0-147.24.2.el8_1
kernel-debug-core-0:4.18.0-147.24.2.el8_1
kernel-debug-debuginfo-0:4.18.0-147.24.2.el8_1
kernel-debug-devel-0:4.18.0-147.24.2.el8_1
kernel-debug-modules-0:4.18.0-147.24.2.el8_1
kernel-debug-modules-extra-0:4.18.0-147.24.2.el8_1
kernel-debuginfo-0:4.18.0-147.24.2.el8_1
kernel-debuginfo-common-aarch64-0:4.18.0-147.24.2.el8_1
kernel-debuginfo-common-ppc64le-0:4.18.0-147.24.2.el8_1
kernel-debuginfo-common-s390x-0:4.18.0-147.24.2.el8_1
kernel-debuginfo-common-x86_64-0:4.18.0-147.24.2.el8_1
kernel-devel-0:4.18.0-147.24.2.el8_1
kernel-doc-0:4.18.0-147.24.2.el8_1
kernel-headers-0:4.18.0-147.24.2.el8_1
kernel-modules-0:4.18.0-147.24.2.el8_1
kernel-modules-extra-0:4.18.0-147.24.2.el8_1
kernel-tools-0:4.18.0-147.24.2.el8_1
kernel-tools-debuginfo-0:4.18.0-147.24.2.el8_1
kernel-tools-libs-0:4.18.0-147.24.2.el8_1
kernel-tools-libs-devel-0:4.18.0-147.24.2.el8_1
kernel-zfcpdump-0:4.18.0-147.24.2.el8_1
kernel-zfcpdump-core-0:4.18.0-147.24.2.el8_1
kernel-zfcpdump-debuginfo-0:4.18.0-147.24.2.el8_1
kernel-zfcpdump-devel-0:4.18.0-147.24.2.el8_1
kernel-zfcpdump-modules-0:4.18.0-147.24.2.el8_1
kernel-zfcpdump-modules-extra-0:4.18.0-147.24.2.el8_1
perf-0:4.18.0-147.24.2.el8_1
perf-debuginfo-0:4.18.0-147.24.2.el8_1
python3-perf-0:4.18.0-147.24.2.el8_1
python3-perf-debuginfo-0:4.18.0-147.24.2.el8_1
bpftool-0:3.10.0-1160.el7
bpftool-debuginfo-0:3.10.0-1160.el7
kernel-0:3.10.0-1160.el7
kernel-abi-whitelists-0:3.10.0-1160.el7
kernel-bootwrapper-0:3.10.0-1160.el7
kernel-debug-0:3.10.0-1160.el7
kernel-debug-debuginfo-0:3.10.0-1160.el7
kernel-debug-devel-0:3.10.0-1160.el7
kernel-debuginfo-0:3.10.0-1160.el7
kernel-debuginfo-common-ppc64-0:3.10.0-1160.el7
kernel-debuginfo-common-ppc64le-0:3.10.0-1160.el7
kernel-debuginfo-common-s390x-0:3.10.0-1160.el7
kernel-debuginfo-common-x86_64-0:3.10.0-1160.el7
kernel-devel-0:3.10.0-1160.el7
kernel-doc-0:3.10.0-1160.el7
kernel-headers-0:3.10.0-1160.el7
kernel-kdump-0:3.10.0-1160.el7
kernel-kdump-debuginfo-0:3.10.0-1160.el7
kernel-kdump-devel-0:3.10.0-1160.el7
kernel-tools-0:3.10.0-1160.el7
kernel-tools-debuginfo-0:3.10.0-1160.el7
kernel-tools-libs-0:3.10.0-1160.el7
kernel-tools-libs-devel-0:3.10.0-1160.el7
perf-0:3.10.0-1160.el7
perf-debuginfo-0:3.10.0-1160.el7
python-perf-0:3.10.0-1160.el7
python-perf-debuginfo-0:3.10.0-1160.el7
kernel-rt-0:3.10.0-1160.rt56.1131.el7
kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7
kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7
kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7
kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7
kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7
kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7
kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7
kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7
kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7
kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7
kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7
kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7
kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7
kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7
kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7
kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7

refmap via4

confirm	https://security.netapp.com/advisory/ntap-20200103-0001/
misc	https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.11 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e7af6307a8a54f0b873960b32b6a644f2d0fbd97 https://github.com/torvalds/linux/commit/e7af6307a8a54f0b873960b32b6a644f2d0fbd97
ubuntu	USN-4225-1 USN-4227-1 USN-4227-2

Last major update

17-01-2023 - 21:31

Published

15-12-2019 - 23:15

Last modified

17-01-2023 - 21:31