In the Linux kernel, sound/core/timer.c has a use-after-free caused by erroneous code refactoring. This is related to snd_timer_open and snd_timer_close_locked. The timeri variable was originally intended to be for a newly created timer instance, but was used for a different purpose after refactoring. References: https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.11 Upstream Patch: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e7af6307a8a54f0b873960b32b6a644f2d0fbd97https://github.com/torvalds/linux/commit/e7af6307a8a54f0b873960b32b6a644f2d0fbd97
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1786080]
This was fixed for Fedora with the 5.3.11 stable kernel updates.
Mitigation: Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Statement: This issue affected Linux kernel versions as shipped with Red Hat Enterprise Linux 8 starting with RHEL-8.1.0, that is Red Hat Enterprise Linux 8.1 GA kernel version.
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:3010 https://access.redhat.com/errata/RHSA-2020:3010
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:3016 https://access.redhat.com/errata/RHSA-2020:3016
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-19807
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Extended Update Support Via RHSA-2020:3222 https://access.redhat.com/errata/RHSA-2020:3222
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:4062 https://access.redhat.com/errata/RHSA-2020:4062
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:4060 https://access.redhat.com/errata/RHSA-2020:4060