CVE-2019-19807

CVSS v3.1 7.8 (High)

CVSS v2.0 7.2 (High)

EPSS 0.10 % (41^th)

Affected Products 2

Advisories 9

In the Linux kernel before 5.3.11, sound/core/timer.c has a use-after-free caused by erroneous code refactoring, aka CID-e7af6307a8a5. This is related to snd_timer_open and snd_timer_close_locked. The timeri variable was originally intended to be for a newly created timer instance, but was used for a different purpose after refactoring.

Weaknesses

CWE-416: Use After Free

CVE Status: PUBLISHED
CNA: MITRE
Published Date: 2019-12-15 23:15:11
(4 years ago)
Updated Date: 2023-01-17 21:31:24
(20 months ago)

Affected Products

Canonical

Ubuntu Linux

Linux

Linux Kernel

Configuration #1

	CPE23	From	Up To
Linux Kernel from 4.9.199 version and prior 4.9.201 version	cpe:2.3:o:linux:linux_kernel	>= 4.9.199	< 4.9.201
Linux Kernel from 4.14.152 version and prior 4.14.154 version	cpe:2.3:o:linux:linux_kernel	>= 4.14.152	< 4.14.154
Linux Kernel from 4.19.82 version and prior 4.19.84 version	cpe:2.3:o:linux:linux_kernel	>= 4.19.82	< 4.19.84
Linux Kernel from 5.2 version and prior 5.3.11 version	cpe:2.3:o:linux:linux_kernel	>= 5.2	< 5.3.11

Configuration #2

		CPE23	From	Up To
	Canonical Ubuntu Linux 14.04	cpe:2.3:o:canonical:ubuntu_linux:14.04:::*:esm
	Canonical Ubuntu Linux 16.04	cpe:2.3:o:canonical:ubuntu_linux:16.04:::*:lts
	Canonical Ubuntu Linux 18.04	cpe:2.3:o:canonical:ubuntu_linux:18.04:::*:lts
	Canonical Ubuntu Linux 19.10	cpe:2.3:o:canonical:ubuntu_linux:19.10