Vulnerabilities
Misconfiguration
Runtime Security
Compliance
CVE Vulnerabilities

CVE-2017-18595

Double Free

Published: Sep 04, 2019 | Modified: Oct 11, 2019
CVSS 3.x
7.8
HIGH
Source:
NVD
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
7.2 HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
7.8 IMPORTANT
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Ubuntu
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2017-18595
CWEhttps://cwe.mitre.org/data/definitions/415.html

An issue was discovered in the Linux kernel before 4.14.11. A double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c.

Weakness

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

Affected Software

Name Vendor Start Version End Version
Linux_kernel Linux * *
Red Hat Enterprise Linux 7 RedHat kernel-rt-0:3.10.0-1127.8.2.rt56.1103.el7 *
Red Hat Enterprise Linux 7 RedHat kernel-0:3.10.0-1127.8.2.el7 *
Red Hat Enterprise Linux 7 RedHat kernel-alt-0:4.14.0-115.21.2.el7a *
Red Hat Enterprise Linux 7.2 Advanced Update Support RedHat kernel-0:3.10.0-327.88.1.el7 *
Red Hat Enterprise Linux 7.3 Advanced Update Support RedHat kernel-0:3.10.0-514.76.1.el7 *
Red Hat Enterprise Linux 7.3 Telco Extended Update Support RedHat kernel-0:3.10.0-514.76.1.el7 *
Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions RedHat kernel-0:3.10.0-514.76.1.el7 *
Red Hat Enterprise Linux 7.4 Advanced Update Support RedHat kernel-0:3.10.0-693.67.1.el7 *
Red Hat Enterprise Linux 7.4 Telco Extended Update Support RedHat kernel-0:3.10.0-693.67.1.el7 *
Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions RedHat kernel-0:3.10.0-693.67.1.el7 *
Red Hat Enterprise Linux 7.6 Extended Update Support RedHat kernel-0:3.10.0-957.54.1.el7 *
Red Hat Enterprise Linux 7.7 Extended Update Support RedHat kernel-0:3.10.0-1062.26.1.el7 *
Red Hat Enterprise MRG 2 RedHat kernel-rt-1:3.10.0-693.67.1.rt56.665.el6rt *
Linux Ubuntu esm-infra/xenial *
Linux Ubuntu trusty *
Linux Ubuntu trusty/esm *
Linux Ubuntu upstream *
Linux Ubuntu xenial *
Linux-aws Ubuntu esm-infra/xenial *
Linux-aws Ubuntu trusty *
Linux-aws Ubuntu trusty/esm *
Linux-aws Ubuntu upstream *
Linux-aws Ubuntu xenial *
Linux-aws-hwe Ubuntu upstream *
Linux-azure Ubuntu esm-infra/xenial *
Linux-azure Ubuntu trusty *
Linux-azure Ubuntu upstream *
Linux-azure Ubuntu xenial *
Linux-azure-edge Ubuntu upstream *
Linux-azure-edge Ubuntu xenial *
Linux-gcp Ubuntu esm-infra/xenial *
Linux-gcp Ubuntu upstream *
Linux-gcp Ubuntu xenial *
Linux-gcp-edge Ubuntu upstream *
Linux-gke-4.15 Ubuntu upstream *
Linux-gke-5.0 Ubuntu upstream *
Linux-hwe Ubuntu esm-infra/xenial *
Linux-hwe Ubuntu upstream *
Linux-hwe Ubuntu xenial *
Linux-hwe-edge Ubuntu esm-infra/xenial *
Linux-hwe-edge Ubuntu upstream *
Linux-hwe-edge Ubuntu xenial *
Linux-kvm Ubuntu esm-infra/xenial *
Linux-kvm Ubuntu upstream *
Linux-kvm Ubuntu xenial *
Linux-lts-trusty Ubuntu precise/esm *
Linux-lts-trusty Ubuntu upstream *
Linux-lts-xenial Ubuntu trusty *
Linux-lts-xenial Ubuntu trusty/esm *
Linux-lts-xenial Ubuntu upstream *
Linux-oem Ubuntu upstream *
Linux-oem Ubuntu xenial *
Linux-oracle Ubuntu upstream *
Linux-raspi2 Ubuntu upstream *
Linux-raspi2 Ubuntu xenial *
Linux-snapdragon Ubuntu bionic *
Linux-snapdragon Ubuntu upstream *
Linux-snapdragon Ubuntu xenial *

Potential Mitigations

References

Aqua SaaS Plans
The fastest track to get started with Aqua
Start Now
Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2022 Aqua Security Software Ltd.   Privacy Policy | Terms of Use