CVE Vulnerabilities

CVE-2020-15710

Double Free

Published: Nov 19, 2020 | Modified: Dec 16, 2020
CVSS 3.x: 6.1 MEDIUM
Source: NVD
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
CVSS 2.x: 3.6 LOW
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:P

A potential double free in the BlueZ 5 module of PulseAudio could allow a local attacker to leak memory or crash the program. The modargs variable may be freed twice in the fail condition in src/modules/bluetooth/module-bluez5-device.c. Fixed in 1:8.0-0ubuntu3.14.

Weakness

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

Affected Software

Name Vendor Start Version End Version
Pulseaudio Pulseaudio_project 1:8.0-0ubuntu1 1:8.0-0ubuntu1
Pulseaudio Pulseaudio_project 1:8.0-0ubuntu2 1:8.0-0ubuntu2
Pulseaudio Pulseaudio_project 1:8.0-0ubuntu3 1:8.0-0ubuntu3
Pulseaudio Pulseaudio_project 1:8.0-0ubuntu3.1 1:8.0-0ubuntu3.1
Pulseaudio Pulseaudio_project 1:8.0-0ubuntu3.2 1:8.0-0ubuntu3.2
Pulseaudio Pulseaudio_project 1:8.0-0ubuntu3.3 1:8.0-0ubuntu3.3
Pulseaudio Pulseaudio_project 1:8.0-0ubuntu3.4 1:8.0-0ubuntu3.4
Pulseaudio Pulseaudio_project 1:8.0-0ubuntu3.5 1:8.0-0ubuntu3.5
Pulseaudio Pulseaudio_project 1:8.0-0ubuntu3.6 1:8.0-0ubuntu3.6
Pulseaudio Pulseaudio_project 1:8.0-0ubuntu3.7 1:8.0-0ubuntu3.7
Pulseaudio Pulseaudio_project 1:8.0-0ubuntu3.8 1:8.0-0ubuntu3.8
Pulseaudio Pulseaudio_project 1:8.0-0ubuntu3.9 1:8.0-0ubuntu3.9
Pulseaudio Pulseaudio_project 1:8.0-0ubuntu3.10 1:8.0-0ubuntu3.10
Pulseaudio Pulseaudio_project 1:8.0-0ubuntu3.11 1:8.0-0ubuntu3.11
Pulseaudio Pulseaudio_project 1:8.0-0ubuntu3.12 1:8.0-0ubuntu3.12
Pulseaudio Pulseaudio_project 1:8.0-0ubuntu4 1:8.0-0ubuntu4
