PT-2019-4662 · Linux+4 · Linux Kernel+4

Tristan Madani

Publicado

2019-11-06

Atualizado

2023-01-17

CVE-2019-19807

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.3.11

Description The issue is related to a use-after-free error in the Linux kernel, specifically in the sound/core/timer.c file. This error is caused by erroneous code refactoring and is associated with the snd timer open and snd timer close locked functions. The timeri variable was originally intended for a newly created timer instance but was used for a different purpose after refactoring. Exploitation of this issue may allow an attacker to elevate their privileges.

Recommendations For Linux kernel versions prior to 5.3.11, update to version 5.3.11 or later to resolve the issue. As a temporary workaround, consider restricting access to the snd timer open and snd timer close locked functions until a patch is available.

Exploit

Correção

Use After Free

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-416

Identificadores relacionados

ALT-PU-2019-3131

ALT-PU-2019-3155

ALT-PU-2019-3184

ALT-PU-2020-1421

ALT-PU-2020-1450

ALT-PU-2020-1714

BDU:2020-00854

CESA-2020_3010

CESA-2020_3016

CESA-2020_4060

CVE-2019-19807

RHSA-2020:3010

RHSA-2020:3016

RHSA-2020:3222

RHSA-2020:4060

RHSA-2020:4062

RHSA-2020_3010

RHSA-2020_3016

RHSA-2020_4060

RHSA-2020_4062

USN-4225-1

USN-4227-1

USN-4227-2

Produtos afetados

Alt Linux

Centos

Linux Kernel

Red Hat

Ubuntu

PT-2019-4662 · Linux+4 · Linux Kernel+4

CVE-2019-19807

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 52