Your submission was sent successfully! Close

CVE-2019-19807

Published: 15 December 2019

In the Linux kernel before 5.3.11, sound/core/timer.c has a use-after-free caused by erroneous code refactoring, aka CID-e7af6307a8a5. This is related to snd_timer_open and snd_timer_close_locked. The timeri variable was originally intended to be for a newly created timer instance, but was used for a different purpose after refactoring.

From the Ubuntu security team

Tristan Madani discovered that the ALSA timer implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.

Priority

Medium

CVSS 3 base score: 7.8

Status

Package Release Status
linux
Launchpad, Ubuntu, Debian
bionic
Released (4.15.0-74.84)
disco Not vulnerable
(4.18.0-10.11)
eoan
Released (5.3.0-26.28)
precise Not vulnerable
(3.0.0-12.20)
trusty Not vulnerable
(3.11.0-12.19)
upstream
Released (5.4~rc7)
xenial Not vulnerable
(4.2.0-16.19)
Patches:
Introduced by

41672c0c24a62699d20aab53b98d843b16483053

Fixed by e7af6307a8a54f0b873960b32b6a644f2d0fbd97
linux-aws
Launchpad, Ubuntu, Debian
bionic
Released (4.15.0-1057.59)
disco Not vulnerable
(4.18.0-1002.3)
eoan
Released (5.3.0-1009.10)
precise Does not exist

trusty Not vulnerable
(4.4.0-1002.2)
upstream
Released (5.4~rc7)
xenial Not vulnerable
(4.4.0-1001.10)
linux-aws-5.0
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(5.0.0-1021.24~18.04.1)
disco Does not exist

eoan Does not exist

precise Does not exist

trusty Does not exist

upstream
Released (5.4~rc7)
xenial Does not exist

linux-aws-hwe
Launchpad, Ubuntu, Debian
bionic Does not exist

disco Does not exist

eoan Does not exist

precise Does not exist

trusty Does not exist

upstream
Released (5.4~rc7)
xenial
Released (4.15.0-1057.59~16.04.1)
linux-azure
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(4.15.0-1002.2)
disco Not vulnerable
(4.18.0-1003.3)
eoan
Released (5.3.0-1009.10)
precise Does not exist

trusty
Released (4.15.0-1066.71~14.04.1)
upstream
Released (5.4~rc7)
xenial
Released (4.15.0-1066.71)
linux-azure-5.3
Launchpad, Ubuntu, Debian
bionic
Released (5.3.0-1009.10~18.04.1)
disco Does not exist

eoan Does not exist

precise Does not exist

trusty Does not exist

upstream
Released (5.4~rc7)
xenial Does not exist

linux-azure-edge
Launchpad, Ubuntu, Debian
bionic Ignored
(was needs-triage now end-of-life)
disco Does not exist

eoan Does not exist

precise Does not exist

trusty Does not exist

upstream
Released (5.4~rc7)
xenial Ignored
(was needs-triage now end-of-life)
linux-gcp
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(4.15.0-1001.1)
disco Not vulnerable
(4.18.0-1002.3)
eoan
Released (5.3.0-1011.12)
precise Does not exist

trusty Does not exist

upstream
Released (5.4~rc7)
xenial
Released (4.15.0-1052.56)
linux-gcp-5.3
Launchpad, Ubuntu, Debian
bionic
Released (5.3.0-1010.11~18.04.1)
disco Does not exist

eoan Does not exist

precise Does not exist

trusty Does not exist

upstream
Released (5.4~rc7)
xenial Does not exist

linux-gcp-edge
Launchpad, Ubuntu, Debian
bionic Ignored
(was needs-triage now end-of-life)
disco Does not exist

eoan Does not exist

precise Does not exist

trusty Does not exist

upstream
Released (5.4~rc7)
xenial Does not exist

linux-gke-4.15
Launchpad, Ubuntu, Debian
bionic
Released (4.15.0-1050.53)
disco Does not exist

eoan Does not exist

precise Does not exist

trusty Does not exist

upstream
Released (5.4~rc7)
xenial Does not exist

linux-gke-5.0
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(5.0.0-1011.11~18.04.1)
disco Does not exist

eoan Does not exist

precise Does not exist

trusty Does not exist

upstream
Released (5.4~rc7)
xenial Does not exist

linux-gke-5.3
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(5.3.0-1011.12~18.04.1)
eoan Does not exist

precise Does not exist

trusty Does not exist

upstream
Released (5.4~rc7)
xenial Does not exist

linux-hwe
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(4.18.0-13.14~18.04.1)
disco Does not exist

eoan Does not exist

precise Does not exist

trusty Does not exist

upstream
Released (5.4~rc7)
xenial
Released (4.15.0-74.83~16.04.1)
linux-hwe-edge
Launchpad, Ubuntu, Debian
bionic Ignored
(was needs-triage now end-of-life)
disco Does not exist

eoan Does not exist

precise Does not exist

trusty Does not exist

upstream
Released (5.4~rc7)
xenial Ignored
(was needs-triage now end-of-life)
linux-kvm
Launchpad, Ubuntu, Debian
bionic
Released (4.15.0-1052.52)
disco Not vulnerable
(4.18.0-1003.3)
eoan
Released (5.3.0-1009.10)
precise Does not exist

trusty Does not exist

upstream
Released (5.4~rc7)
xenial Not vulnerable
(4.4.0-1004.9)
linux-lts-trusty
Launchpad, Ubuntu, Debian
bionic Does not exist

disco Does not exist

eoan Does not exist

precise Not vulnerable
(3.13.0-24.46~precise1)
trusty Does not exist

upstream
Released (5.4~rc7)
xenial Does not exist

linux-lts-xenial
Launchpad, Ubuntu, Debian
bionic Does not exist

disco Does not exist

eoan Does not exist

precise Does not exist

trusty Not vulnerable
(4.4.0-13.29~14.04.1)
upstream
Released (5.4~rc7)
xenial Does not exist

linux-oem
Launchpad, Ubuntu, Debian
bionic
Released (4.15.0-1066.76)
disco Ignored
(was pending \[4.15.0-1066.76\] now end-of-life)
eoan
Released (4.15.0-1066.76)
precise Does not exist

trusty Does not exist

upstream
Released (5.4~rc7)
xenial Ignored
(was needs-triage now end-of-life)
linux-oem-5.4
Launchpad, Ubuntu, Debian
bionic Does not exist

eoan Does not exist

precise Does not exist

trusty Does not exist

upstream
Released (5.4~rc7)
xenial Does not exist

linux-oem-osp1
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(5.0.0-1010.11)
disco Not vulnerable
(5.0.0-1010.11)
eoan Not vulnerable
(5.0.0-1010.11)
precise Does not exist

trusty Does not exist

upstream
Released (5.4~rc7)
xenial Does not exist

linux-oracle
Launchpad, Ubuntu, Debian
bionic
Released (4.15.0-1031.34)
disco Not vulnerable
(4.15.0-1007.9)
eoan
Released (5.3.0-1008.9)
precise Does not exist

trusty Does not exist

upstream
Released (5.4~rc7)
xenial
Released (4.15.0-1031.34~16.04.1)
linux-oracle-5.0
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(5.0.0-1007.12~18.04.1)
disco Does not exist

eoan Does not exist

precise Does not exist

trusty Does not exist

upstream
Released (5.4~rc7)
xenial Does not exist

linux-raspi2
Launchpad, Ubuntu, Debian
bionic
Released (4.15.0-1053.57)
disco Not vulnerable
(4.18.0-1005.7)
eoan
Released (5.3.0-1015.17)
precise Does not exist

trusty Does not exist

upstream
Released (5.4~rc7)
xenial Not vulnerable
(4.2.0-1013.19)
linux-raspi2-5.3
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(5.3.0-1017.19~18.04.1)
eoan Does not exist

precise Does not exist

trusty Does not exist

upstream
Released (5.4~rc7)
xenial Does not exist

linux-snapdragon
Launchpad, Ubuntu, Debian
bionic
Released (4.15.0-1070.77)
disco Not vulnerable
(5.0.0-1010.10)
eoan Does not exist

precise Does not exist

trusty Does not exist

upstream
Released (5.4~rc7)
xenial Not vulnerable
(4.4.0-1012.12)