← Back

CVE-2015-8962

nvd nist
Published: Nov 16, 2016Modified: May 6, 2026

JSON object

Loading...
7.3
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.3 / Impact: 5.9
Source: NVD

Description

Double free vulnerability in the sg_common_write function in drivers/scsi/sg.c in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (memory corruption and system crash) by detaching a device during an SG_IO ioctl call.

Affected (6)

Products: Linux: Linux Kernel
Linux
1 product
Linux Kernel
Configuration A
6 vulnerable
Vulnerable SoftwareAffected Versions
Linux
Linux Kernel
Before 3.2.85
Linux Kernel
From 3.12 to 3.12.70
Linux Kernel
From 3.13 to 3.16.40
Linux Kernel
From 3.17 to 3.18.54
Linux Kernel
From 3.19 to 4.4
Linux Kernel
From 3.3 to 3.10.107

Related CWEs

CWE-415
Double Free
The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

References (8)

Source: security@android.com
PatchVendor Advisory
Source: security@android.com
Third Party AdvisoryVDB Entry
Source: security@android.com
PatchVendor Advisory
Source: security@android.com
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.