Bug 1786078 (CVE-2019-19807)
| Summary: | CVE-2019-19807 kernel: use-after-free in sound/core/timer.c | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | msiddiqu |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | unspecified | CC: | acaringi, airlied, asavkov, bdettelb, bhu, blc, brdeoliv, bskeggs, dhoward, dvlasenk, esammons, fhrbata, hdegoede, hkrzesin, iboverma, ichavero, itamar, jarodwilson, jeremy, jforbes, jglisse, jlelli, joe.lawrence, john.j5live, jonathan, josef, jpoimboe, jross, jschorr, jshortt, jstancek, jthierry, jwboyer, kernel-maint, kernel-mgr, labbott, lgoncalv, linville, masami256, matt, mchehab, mcressma, mjg59, mlangsdo, nmurray, qzhao, rhandlin, rt-maint, rvrbovsk, steved, williams, ycote, yozone |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: |
A memory flaw was found in the ALSA subsystem of the Linux kernel. The struct snd_timer_instance function fails the timer->max_instances check leading to an invalid address. This could lead to a use-after-free vulnerability.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2020-07-21 13:27:42 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1786080, 1795892, 1795893, 1795894, 1795895, 1798457, 1798459, 1798467, 1798468, 1798469, 1798470, 1798476, 1821714, 1821715, 1888653 | ||
| Bug Blocks: | 1786081 | ||
|
Description
msiddiqu
2019-12-23 10:48:50 UTC
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1786080] This was fixed for Fedora with the 5.3.11 stable kernel updates. Mitigation: Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability. Statement: This issue affected Linux kernel versions as shipped with Red Hat Enterprise Linux 8 starting with RHEL-8.1.0, that is Red Hat Enterprise Linux 8.1 GA kernel version. This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:3010 https://access.redhat.com/errata/RHSA-2020:3010 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:3016 https://access.redhat.com/errata/RHSA-2020:3016 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-19807 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Extended Update Support Via RHSA-2020:3222 https://access.redhat.com/errata/RHSA-2020:3222 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:4062 https://access.redhat.com/errata/RHSA-2020:4062 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:4060 https://access.redhat.com/errata/RHSA-2020:4060 |