CVE Vulnerabilities

CVE-2017-18595

Double Free

Published: Sep 04, 2019 | Modified: Nov 21, 2024
CVSS 3.x
7.8
HIGH
Source:
NVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
7.2 HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
7.8 IMPORTANT
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Ubuntu
MEDIUM

An issue was discovered in the Linux kernel before 4.14.11. A double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c.

Weakness

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

Affected Software

Name Vendor Start Version End Version
Linux_kernel Linux 3.10 (including) 3.16.55 (excluding)
Linux_kernel Linux 3.17 (including) 3.18.91 (excluding)
Linux_kernel Linux 3.19 (including) 4.1.50 (excluding)
Linux_kernel Linux 4.2 (including) 4.4.109 (excluding)
Linux_kernel Linux 4.5 (including) 4.9.74 (excluding)
Linux_kernel Linux 4.10 (including) 4.14.11 (excluding)
Red Hat Enterprise Linux 7 RedHat kernel-rt-0:3.10.0-1127.8.2.rt56.1103.el7 *
Red Hat Enterprise Linux 7 RedHat kernel-0:3.10.0-1127.8.2.el7 *
Red Hat Enterprise Linux 7 RedHat kernel-alt-0:4.14.0-115.21.2.el7a *
Red Hat Enterprise Linux 7.2 Advanced Update Support RedHat kernel-0:3.10.0-327.88.1.el7 *
Red Hat Enterprise Linux 7.3 Advanced Update Support RedHat kernel-0:3.10.0-514.76.1.el7 *
Red Hat Enterprise Linux 7.3 Telco Extended Update Support RedHat kernel-0:3.10.0-514.76.1.el7 *
Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions RedHat kernel-0:3.10.0-514.76.1.el7 *
Red Hat Enterprise Linux 7.4 Advanced Update Support RedHat kernel-0:3.10.0-693.67.1.el7 *
Red Hat Enterprise Linux 7.4 Telco Extended Update Support RedHat kernel-0:3.10.0-693.67.1.el7 *
Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions RedHat kernel-0:3.10.0-693.67.1.el7 *
Red Hat Enterprise Linux 7.6 Extended Update Support RedHat kernel-0:3.10.0-957.54.1.el7 *
Red Hat Enterprise Linux 7.7 Extended Update Support RedHat kernel-0:3.10.0-1062.26.1.el7 *
Red Hat Enterprise MRG 2 RedHat kernel-rt-1:3.10.0-693.67.1.rt56.665.el6rt *
Red Hat Virtualization 4.2 for Red Hat Enterprise Linux 7.6 EUS RedHat kernel-0:3.10.0-957.54.1.el7 *
Linux Ubuntu esm-infra-legacy/trusty *
Linux Ubuntu trusty *
Linux Ubuntu trusty/esm *
Linux Ubuntu upstream *
Linux Ubuntu xenial *
Linux-aws Ubuntu trusty *
Linux-aws Ubuntu upstream *
Linux-aws Ubuntu xenial *
Linux-aws-5.15 Ubuntu upstream *
Linux-aws-5.4 Ubuntu upstream *
Linux-aws-6.8 Ubuntu upstream *
Linux-aws-fips Ubuntu trusty *
Linux-aws-fips Ubuntu upstream *
Linux-aws-fips Ubuntu xenial *
Linux-aws-hwe Ubuntu upstream *
Linux-azure Ubuntu upstream *
Linux-azure Ubuntu xenial *
Linux-azure-4.15 Ubuntu upstream *
Linux-azure-5.15 Ubuntu upstream *
Linux-azure-5.4 Ubuntu upstream *
Linux-azure-6.8 Ubuntu upstream *
Linux-azure-edge Ubuntu upstream *
Linux-azure-fde Ubuntu focal *
Linux-azure-fde Ubuntu upstream *
Linux-azure-fde-5.15 Ubuntu upstream *
Linux-azure-fips Ubuntu trusty *
Linux-azure-fips Ubuntu upstream *
Linux-azure-fips Ubuntu xenial *
Linux-bluefield Ubuntu upstream *
Linux-fips Ubuntu fips-updates/xenial *
Linux-fips Ubuntu fips/xenial *
Linux-fips Ubuntu upstream *
Linux-gcp Ubuntu upstream *
Linux-gcp Ubuntu xenial *
Linux-gcp-4.15 Ubuntu upstream *
Linux-gcp-5.15 Ubuntu upstream *
Linux-gcp-5.4 Ubuntu upstream *
Linux-gcp-6.8 Ubuntu upstream *
Linux-gcp-edge Ubuntu upstream *
Linux-gcp-fips Ubuntu trusty *
Linux-gcp-fips Ubuntu upstream *
Linux-gcp-fips Ubuntu xenial *
Linux-gke Ubuntu focal *
Linux-gke Ubuntu upstream *
Linux-gke Ubuntu xenial *
Linux-gke-4.15 Ubuntu upstream *
Linux-gke-5.0 Ubuntu upstream *
Linux-gkeop Ubuntu upstream *
Linux-gkeop-5.15 Ubuntu upstream *
Linux-hwe Ubuntu upstream *
Linux-hwe Ubuntu xenial *
Linux-hwe-5.15 Ubuntu upstream *
Linux-hwe-5.4 Ubuntu upstream *
Linux-hwe-6.8 Ubuntu upstream *
Linux-hwe-edge Ubuntu upstream *
Linux-hwe-edge Ubuntu xenial *
Linux-ibm Ubuntu upstream *
Linux-ibm-5.15 Ubuntu upstream *
Linux-ibm-5.4 Ubuntu upstream *
Linux-intel Ubuntu upstream *
Linux-intel-iot-realtime Ubuntu upstream *
Linux-intel-iotg Ubuntu upstream *
Linux-intel-iotg-5.15 Ubuntu upstream *
Linux-iot Ubuntu upstream *
Linux-kvm Ubuntu upstream *
Linux-kvm Ubuntu xenial *
Linux-lowlatency Ubuntu upstream *
Linux-lowlatency-hwe-5.15 Ubuntu upstream *
Linux-lowlatency-hwe-6.8 Ubuntu upstream *
Linux-lts-trusty Ubuntu precise/esm *
Linux-lts-trusty Ubuntu upstream *
Linux-lts-xenial Ubuntu trusty *
Linux-lts-xenial Ubuntu upstream *
Linux-nvidia Ubuntu upstream *
Linux-nvidia-6.5 Ubuntu upstream *
Linux-nvidia-6.8 Ubuntu upstream *
Linux-nvidia-lowlatency Ubuntu upstream *
Linux-oem Ubuntu upstream *
Linux-oem Ubuntu xenial *
Linux-oem-6.11 Ubuntu upstream *
Linux-oem-6.8 Ubuntu upstream *
Linux-oracle Ubuntu upstream *
Linux-oracle-5.15 Ubuntu upstream *
Linux-oracle-5.4 Ubuntu upstream *
Linux-oracle-6.8 Ubuntu upstream *
Linux-raspi Ubuntu upstream *
Linux-raspi-5.4 Ubuntu upstream *
Linux-raspi-realtime Ubuntu upstream *
Linux-raspi2 Ubuntu focal *
Linux-raspi2 Ubuntu upstream *
Linux-raspi2 Ubuntu xenial *
Linux-realtime Ubuntu jammy *
Linux-realtime Ubuntu upstream *
Linux-riscv Ubuntu focal *
Linux-riscv Ubuntu jammy *
Linux-riscv Ubuntu upstream *
Linux-riscv-5.15 Ubuntu upstream *
Linux-riscv-6.8 Ubuntu upstream *
Linux-snapdragon Ubuntu bionic *
Linux-snapdragon Ubuntu upstream *
Linux-snapdragon Ubuntu xenial *
Linux-xilinx-zynqmp Ubuntu upstream *

Potential Mitigations

References