CVE Vulnerabilities

CVE-2015-0058

Double Free

Published: Feb 11, 2015 | Modified: Apr 12, 2025
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.2 HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

Double free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1 allows local users to gain privileges via a crafted application, aka Windows Cursor Object Double Free Vulnerability.

Weakness

The product calls free() twice on the same memory address.

Affected Software

Name Vendor Start Version End Version
Windows_8.1 Microsoft - (including) - (including)
Windows_rt_8.1 Microsoft - (including) - (including)
Windows_server_2012 Microsoft r2 (including) r2 (including)

Potential Mitigations

References