The blkcg_init_queue function in block/blk-cgroup.c in the Linux kernel before 4.11 allows local users to cause a denial of service (double free) or possibly have unspecified other impact by triggering a creation failure.
The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Linux_kernel | Linux | 4.1.41 (including) | 4.1.51 (excluding) |
Linux_kernel | Linux | 4.3 (including) | 4.4.123 (excluding) |
Linux_kernel | Linux | 4.5 (including) | 4.9.89 (excluding) |
Linux_kernel | Linux | 4.10 (including) | 4.11 (excluding) |