CVE Vulnerabilities

CVE-2008-2944

Double Free

Published: Jun 30, 2008 | Modified: Feb 07, 2022
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4.9 MEDIUM
AV:L/AC:L/Au:N/C:N/I:N/A:C
RedHat/V2
RedHat/V3
Ubuntu

Double free vulnerability in the utrace support in the Linux kernel, probably 2.6.18, in Red Hat Enterprise Linux (RHEL) 5 and Fedora Core 6 (FC6) allows local users to cause a denial of service (oops), as demonstrated by a crash when running the GNU GDB testsuite, a different vulnerability than CVE-2008-2365.

Weakness

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

Affected Software

Name Vendor Start Version End Version
Fedora_core Fedoraproject 6 6
Linux_kernel Linux 2.6.18 2.6.18
Enterprise_linux Redhat 5.0 5.0

Potential Mitigations

References