In the Linux kernel, sound/core/timer.c has a use-after-free caused by erroneous code refactoring. This is related to snd_timer_open and snd_timer_close_locked. The timeri variable was originally intended to be for a newly created timer instance, but was used for a different purpose after refactoring.
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 1786080]
This was fixed for Fedora with the 5.3.11 stable kernel updates.
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.