CVE-2019-15214

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

An issue was discovered in the Linux kernel before 5.0.10. There is a use-after-free in the sound subsystem because card disconnection causes certain data structures to be deleted too early. This is related to sound/core/init.c and sound/core/info.c.

References

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html

http://www.openwall.com/lists/oss-security/2019/08/20/2

https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.10

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2a3f7221acddfe1caa9ff09b3a8158c39b2fdeac

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8c2f870890fd28e023b0fcf49dcee333f2c8bad7

https://security.netapp.com/advisory/ntap-20190905-0002/

https://syzkaller.appspot.com/bug?id=75903e0021cef79bc434d068b5169b599b2a46a9

https://usn.ubuntu.com/4115-1/

https://usn.ubuntu.com/4118-1/

Details

Source: MITRE

Published: 2019-08-19

Updated: 2020-03-06

Type: CWE-416

Risk Information

CVSS v2

Base Score: 6.9

Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 3.4

Severity: MEDIUM

CVSS v3

Base Score: 6.4

Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 0.5

Severity: MEDIUM

Tenable Plugins

View all (20 total)

IDNameProductFamilySeverity
138418Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2020-5755)NessusOracle Linux Local Security Checks
high
138417Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2020-5754)NessusOracle Linux Local Security Checks
medium
138416OracleVM 3.4 : Unbreakable / etc (OVMSA-2020-0028)NessusOracleVM Local Security Checks
medium
138247Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2020-5750)NessusOracle Linux Local Security Checks
medium
134387EulerOS 2.0 SP8 : kernel (EulerOS-SA-2020-1186)NessusHuawei Local Security Checks
critical
131845EulerOS 2.0 SP2 : kernel (EulerOS-SA-2019-2353)NessusHuawei Local Security Checks
critical
131120SUSE SLES12 Security Update : kernel (SUSE-SU-2019:2984-1)NessusSuSE Local Security Checks
critical
130949SUSE SLES12 Security Update : kernel (SUSE-SU-2019:2949-1)NessusSuSE Local Security Checks
critical
130736EulerOS 2.0 SP3 : kernel (EulerOS-SA-2019-2274)NessusHuawei Local Security Checks
critical
130163SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:2738-1)NessusSuSE Local Security Checks
critical
129845SUSE SLES12 Security Update : kernel (SUSE-SU-2019:2648-1)NessusSuSE Local Security Checks
critical
129345openSUSE Security Update : the Linux Kernel (openSUSE-2019-2181)NessusSuSE Local Security Checks
critical
129339openSUSE Security Update : the Linux Kernel (openSUSE-2019-2173)NessusSuSE Local Security Checks
critical
129157SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:2424-1)NessusSuSE Local Security Checks
critical
129156SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:2414-1)NessusSuSE Local Security Checks
critical
129154SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2019:2412-1)NessusSuSE Local Security Checks
critical
129129EulerOS 2.0 SP5 : kernel (EulerOS-SA-2019-1972)NessusHuawei Local Security Checks
high
128680Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel regression (USN-4115-2)NessusUbuntu Local Security Checks
critical
128478Ubuntu 16.04 LTS / 18.04 LTS : linux-aws vulnerabilities (USN-4118-1)NessusUbuntu Local Security Checks
critical
128475Ubuntu 16.04 LTS / 18.04 LTS : linux, linux-azure, linux-gcp, linux-gke-4.15, linux-hwe, linux-kvm, (USN-4115-1)NessusUbuntu Local Security Checks
critical