Use-after-free in Linux kernel

1) Use-after-free

EUVDB-ID: #VU20815

Risk: Low

CVSSv3.1: 6.4 [CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15214

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to compromise vulnerable system.

The vulnerability exists in the Advanced Linux Sound Architecture (ALSA) subsystem in "sound/core/init.c" and "sound/core/info.c" due to the card disconnection causes certain data structures to be deleted too early. A local authenticated user with physical access to the system can exploit this vulnerability to cause a denial of service (system crash) or possibly execute arbitrary code.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Linux kernel: 5.0 - 5.0.9

External links

http://www.openwall.com/lists/oss-security/2019/08/20/2
http://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.10
http://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2a3f7221acddfe1caa9ff09b3a8158c39b2fdeac
http://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8c2f870890fd28e023b0fcf49dcee333f2c8bad7
http://syzkaller.appspot.com/bug?id=75903e0021cef79bc434d068b5169b599b2a46a9
http://usn.ubuntu.com/4115-1/
http://usn.ubuntu.com/4118-1/

Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.