Description An issue was discovered in the Linux kernel before 5.0.10. There is a use-after-free in the sound subsystem because card disconnection causes certain data structures to be deleted too early. This is related to sound/core/init.c and sound/core/info.c.
CVSS vector CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H Exploitability: 0.5 | Impact: 5.9 Attack Vector: Local
Complexity: High
Privileges: High
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Affected Packages6 packages Show 1 more packages Also affects: Ubuntu Linux 16.04, 18.04
🔴 Vulnerability Details5 GHSA GHSA-m875-298f-9g98: An issue was discovered in the Linux kernel before 5 ↗ 2022-05-24 ▶ OSV linux, linux-aws, linux-aws-hwe, linux-azure, linux-gcp, linux-gke-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2 regression ↗ 2019-09-11 ▶ OSV linux, linux-azure, linux-gcp, linux-gke-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2 vulnerabilities ↗ 2019-09-02 ▶ OSV linux-aws vulnerabilities ↗ 2019-09-02 ▶ OSV CVE-2019-15214: An issue was discovered in the Linux kernel before 5 ↗ 2019-08-19 ▶
📋 Vendor Advisories6 Android CVE-2019-15214: Sound subsystem ↗ 2020-01-01 ▶ Ubuntu Linux kernel regression ↗ 2019-09-11 ▶ Ubuntu Linux kernel (AWS) vulnerabilities ↗ 2019-09-02 ▶ Ubuntu Linux kernel vulnerabilities ↗ 2019-09-02 ▶ Red Hat kernel: use-after-free in sound/core/init.c and sound/core/info.c ↗ 2019-08-19 ▶ Show 1 more
📄 Research Papers1 arXiv A Slicing-Based Approach for Detecting and Patching Vulnerable Code Clones ↗ 2025-05-05 ▶
💬 Community2 Bugzilla CVE-2019-15214 kernel: use-after-free in sound/core/init.c and sound/core/info.c [fedora-all] ↗ 2019-08-20 ▶ Bugzilla CVE-2019-15214 kernel: use-after-free in sound/core/init.c and sound/core/info.c ↗ 2019-08-20 ▶