CVE-2019-19807
HIGH
7,8
Source: [email protected]
Attack Vector: local
Attack Complexity: low
Privileges Required: low
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
HIGH
7,2
Source: [email protected]
Access Vector: local
Access Complexity: low
Authentication: none
Confidentiality: complete
Integrity: complete
Availability: complete
Description
AI Translation Available
In the Linux kernel before 5.3.11, sound/core/timer.c has a use-after-free caused by erroneous code refactoring, aka CID-e7af6307a8a5. This is related to snd_timer_open and snd_timer_close_locked. The timeri variable was originally intended to be for a newly created timer instance, but was used for a different purpose after refactoring.
EPSS (Exploit Prediction Scoring System)
Trend Analysis
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score
0,0008
Percentile
0,2th
Updated
EPSS Score Trend (Last 90 Days)
416
Use After Free
StableCommon Consequences
Security Scopes Affected:
Integrity
Availability
Confidentiality
Potential Impacts:
Modify Memory
Dos: Crash, Exit, Or Restart
Execute Unauthorized Code Or Commands
Applicable Platforms
Languages:
C, C++, Memory-Unsafe
Operating System
Linux Kernel by Linux
Version Range Affected
From
4.19.82
(inclusive)
To
4.19.84
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Ubuntu Linux by Canonical
CPE Identifier
View Detailed Analysis
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Linux Kernel by Linux
Version Range Affected
From
5.2
(inclusive)
To
5.3.11
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Ubuntu Linux by Canonical
CPE Identifier
View Detailed Analysis
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Linux Kernel by Linux
Version Range Affected
From
4.9.199
(inclusive)
To
4.9.201
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Ubuntu Linux by Canonical
CPE Identifier
View Detailed Analysis
cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Linux Kernel by Linux
Version Range Affected
From
4.14.152
(inclusive)
To
4.14.154
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Ubuntu Linux by Canonical
CPE Identifier
View Detailed Analysis
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.11
https://github.com/torvalds/linux/commit/e7af6307a8a54f0b873960b32b6a644f2d0fbd…
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e7af…
https://security.netapp.com/advisory/ntap-20200103-0001/
https://usn.ubuntu.com/4225-1/
https://usn.ubuntu.com/4227-1/
https://usn.ubuntu.com/4227-2/
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.11
https://github.com/torvalds/linux/commit/e7af6307a8a54f0b873960b32b6a644f2d0fbd…
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e7af…
https://security.netapp.com/advisory/ntap-20200103-0001/
https://usn.ubuntu.com/4225-1/
https://usn.ubuntu.com/4227-1/
https://usn.ubuntu.com/4227-2/