7.8

CVE-2017-18595

An issue was discovered in the Linux kernel before 4.14.11. A double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 3.10 < 3.16.55
LinuxLinux Kernel Version >= 3.17 < 3.18.91
LinuxLinux Kernel Version >= 3.19 < 4.1.50
LinuxLinux Kernel Version >= 4.2 < 4.4.109
LinuxLinux Kernel Version >= 4.5 < 4.9.74
LinuxLinux Kernel Version >= 4.10 < 4.14.11
OpensuseLeap Version15.0
OpensuseLeap Version15.1
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.35% 0.266
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
CWE-415 Double Free

The product calls free() twice on the same memory address.

https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.11
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00036.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00037.html
Third Party Advisory
Mailing List
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4397f04575c44e1440ec2e49b6302785c95fd2f8
Patch
Mailing List