CVE-2018-19824

Published: 3 December 2018

In the Linux kernel through 4.19.6, a local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c.

From the Ubuntu security team

Mathias Payer and Hui Peng discovered a use-after-free vulnerability in the Advanced Linux Sound Architecture (ALSA) subsystem. A physically proximate attacker could use this to cause a denial of service (system crash).

Priority

CVSS 3 base score: 7.8

Status

Package	Release	Status
linux Launchpad, Ubuntu, Debian	bionic	Released (4.15.0-47.50)
	cosmic	Released (4.18.0-17.18)
	disco	Not vulnerable (4.19.0-12.13)
	precise	Ignored (was needed ESM criteria)
	trusty	Released (3.13.0-168.218)
	upstream	Released (4.20~rc6)
	xenial	Released (4.4.0-142.168)
	Patches: Introduced by 362e4e49abe53e89d87455dfcd7c1bbaf08a839d Fixed by 5f8cf712582617d523120df67d392059eaf2fc4b
linux-aws Launchpad, Ubuntu, Debian	bionic	Released (4.15.0-1035.37)
	cosmic	Released (4.18.0-1012.14)
	disco	Not vulnerable (5.0.0-1001.1)
	precise	Does not exist
	trusty	Released (4.4.0-1038.41)
	upstream	Released (4.20~rc6)
	xenial	Released (4.4.0-1075.85)
linux-aws-hwe Launchpad, Ubuntu, Debian	bionic	Does not exist
	cosmic	Does not exist
	disco	Does not exist
	precise	Does not exist
	trusty	Does not exist
	upstream	Released (4.20~rc6)
	xenial	Released (4.15.0-1035.37~16.04.1)
linux-azure Launchpad, Ubuntu, Debian	bionic	Released (4.18.0-1014.14~18.04.1)
	cosmic	Released (4.18.0-1014.14)
	disco	Not vulnerable (5.0.0-1001.1)
	precise	Does not exist
	trusty	Released (4.15.0-1041.45~14.04.1)
	upstream	Released (4.20~rc6)
	xenial	Released (4.15.0-1041.45)
linux-azure-edge Launchpad, Ubuntu, Debian	bionic	Released (4.18.0-1014.14~18.04.1)
	cosmic	Does not exist
	disco	Does not exist
	precise	Does not exist
	trusty	Does not exist
	upstream	Released (4.20~rc6)
	xenial	Released (4.15.0-1041.45)
linux-euclid Launchpad, Ubuntu, Debian	bionic	Does not exist
	cosmic	Does not exist
	disco	Does not exist
	precise	Does not exist
	trusty	Does not exist
	upstream	Released (4.20~rc6)
	xenial	Ignored (was needed ESM criteria)
linux-flo Launchpad, Ubuntu, Debian	bionic	Does not exist
	cosmic	Does not exist
	disco	Does not exist
	precise	Does not exist
	trusty	Does not exist (trusty was ignored [abandoned])
	upstream	Released (4.20~rc6)
	xenial	Ignored (abandoned)
linux-gcp Launchpad, Ubuntu, Debian	bionic	Released (4.15.0-1029.31)
	cosmic	Released (4.18.0-1008.9)
	disco	Not vulnerable (5.0.0-1001.1)
	precise	Does not exist
	trusty	Does not exist
	upstream	Released (4.20~rc6)
	xenial	Released (4.15.0-1029.31~16.04.1)
linux-gcp-edge Launchpad, Ubuntu, Debian	bionic	Released (4.18.0-1008.9~18.04.1)
	cosmic	Does not exist
	disco	Does not exist
	precise	Does not exist
	trusty	Does not exist
	upstream	Released (4.20~rc6)
	xenial	Does not exist
linux-gke Launchpad, Ubuntu, Debian	bionic	Not vulnerable
	cosmic	Does not exist
	disco	Does not exist
	precise	Does not exist
	trusty	Does not exist
	upstream	Released (4.20~rc6)
	xenial	Ignored (end-of-life)
linux-goldfish Launchpad, Ubuntu, Debian	bionic	Does not exist
	cosmic	Does not exist
	disco	Does not exist
	precise	Does not exist
	trusty	Does not exist (trusty was ignored [abandoned])
	upstream	Released (4.20~rc6)
	xenial	Ignored (end-of-life)
linux-grouper Launchpad, Ubuntu, Debian	bionic	Does not exist
	cosmic	Does not exist
	disco	Does not exist
	precise	Does not exist
	trusty	Does not exist (trusty was ignored [abandoned])
	upstream	Released (4.20~rc6)
	xenial	Does not exist
linux-hwe Launchpad, Ubuntu, Debian	bionic	Released (4.18.0-17.18~18.04.1)
	cosmic	Does not exist
	disco	Does not exist
	precise	Does not exist
	trusty	Does not exist
	upstream	Released (4.20~rc6)
	xenial	Released (4.15.0-47.50~16.04.1)
linux-hwe-edge Launchpad, Ubuntu, Debian	bionic	Not vulnerable (5.0.0-15.16~18.04.1)
	cosmic	Does not exist
	disco	Does not exist
	precise	Does not exist
	trusty	Does not exist
	upstream	Released (4.20~rc6)
	xenial	Released (4.15.0-47.50~16.04.1)
linux-kvm Launchpad, Ubuntu, Debian	bionic	Released (4.15.0-1031.31)
	cosmic	Released (4.18.0-1009.9)
	disco	Not vulnerable (5.0.0-1001.1)
	precise	Does not exist
	trusty	Does not exist
	upstream	Released (4.20~rc6)
	xenial	Released (4.4.0-1040.46)
linux-lts-trusty Launchpad, Ubuntu, Debian	bionic	Does not exist
	cosmic	Does not exist
	disco	Does not exist
	precise	Released (3.13.0-168.218~precise1)
	trusty	Does not exist
	upstream	Released (4.20~rc6)
	xenial	Does not exist
linux-lts-utopic Launchpad, Ubuntu, Debian	bionic	Does not exist
	cosmic	Does not exist
	disco	Does not exist
	precise	Does not exist
	trusty	Does not exist (trusty was ignored [end-of-life])
	upstream	Released (4.20~rc6)
	xenial	Does not exist
linux-lts-vivid Launchpad, Ubuntu, Debian	bionic	Does not exist
	cosmic	Does not exist
	disco	Does not exist
	precise	Does not exist
	trusty	Does not exist (trusty was ignored [end-of-life])
	upstream	Released (4.20~rc6)
	xenial	Does not exist
linux-lts-wily Launchpad, Ubuntu, Debian	bionic	Does not exist
	cosmic	Does not exist
	disco	Does not exist
	precise	Does not exist
	trusty	Does not exist (trusty was ignored [end-of-life])
	upstream	Released (4.20~rc6)
	xenial	Does not exist
linux-lts-xenial Launchpad, Ubuntu, Debian	bionic	Does not exist
	cosmic	Does not exist
	disco	Does not exist
	precise	Does not exist
	trusty	Released (4.4.0-142.168~14.04.1)
	upstream	Released (4.20~rc6)
	xenial	Does not exist
linux-maguro Launchpad, Ubuntu, Debian	bionic	Does not exist
	cosmic	Does not exist
	disco	Does not exist
	precise	Does not exist
	trusty	Does not exist (trusty was ignored [abandoned])
	upstream	Released (4.20~rc6)
	xenial	Does not exist
linux-mako Launchpad, Ubuntu, Debian	bionic	Does not exist
	cosmic	Does not exist
	disco	Does not exist
	precise	Does not exist
	trusty	Does not exist (trusty was ignored [abandoned])
	upstream	Released (4.20~rc6)
	xenial	Ignored (abandoned)
linux-manta Launchpad, Ubuntu, Debian	bionic	Does not exist
	cosmic	Does not exist
	disco	Does not exist
	precise	Does not exist
	trusty	Does not exist (trusty was ignored [abandoned])
	upstream	Released (4.20~rc6)
	xenial	Does not exist
linux-oem Launchpad, Ubuntu, Debian	bionic	Released (4.15.0-1035.40)
	cosmic	Released (4.15.0-1035.40)
	disco	Not vulnerable (4.15.0-1035.40)
	precise	Does not exist
	trusty	Does not exist
	upstream	Released (4.20~rc6)
	xenial	Ignored (was needs-triage now end-of-life)
linux-oracle Launchpad, Ubuntu, Debian	bionic	Released (4.15.0-1010.12)
	cosmic	Released (4.15.0-1010.12)
	disco	Not vulnerable (4.15.0-1010.12)
	precise	Does not exist
	trusty	Does not exist
	upstream	Released (4.20~rc6)
	xenial	Released (4.15.0-1010.12~16.04.1)
linux-raspi2 Launchpad, Ubuntu, Debian	bionic	Released (4.15.0-1033.35)
	cosmic	Released (4.18.0-1011.13)
	disco	Not vulnerable (5.0.0-1004.4)
	precise	Does not exist
	trusty	Does not exist
	upstream	Released (4.20~rc6)
	xenial	Released (4.4.0-1103.111)
linux-snapdragon Launchpad, Ubuntu, Debian	bionic	Released (4.15.0-1053.57)
	cosmic	Does not exist
	disco	Not vulnerable (5.0.0-1010.10)
	precise	Does not exist
	trusty	Does not exist
	upstream	Released (4.20~rc6)
	xenial	Released (4.4.0-1107.112)

References

Bugs

https://bugzilla.suse.com/show_bug.cgi?id=1118152

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Security