CVE-2018-20961

Published: Aug 7, 2019Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

In the Linux kernel before 4.16.4, a double free vulnerability in the f_midi_set_alt function of drivers/usb/gadget/function/f_midi.c in the f_midi driver may allow attackers to cause a denial of service or possibly have unspecified other impact.

Affected (4)

Products: Linux: Linux Kernel

1 product

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	From 4.10 to 4.14.36
Linux Linux Kernel	From 4.15.0 to 4.16.4
Linux Linux Kernel	From 4.4 to 4.4.190
Linux Linux Kernel	From 4.5 to 4.9.96

Related CWEs

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

References (20)

http://packetstormsecurity.com/files/154228/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.4

Source: cve@mitre.org

Release NotesVendor Advisory

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7fafcfdf6377b18b2a726ea554d6e593ba44349f

Source: cve@mitre.org

ExploitMailing ListVendor Advisory

https://github.com/torvalds/linux/commit/7fafcfdf6377b18b2a726ea554d6e593ba44349f

Source: cve@mitre.org

PatchThird Party Advisory

https://seclists.org/bugtraq/2019/Aug/48

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://security.netapp.com/advisory/ntap-20190905-0002/

Source: cve@mitre.org

Third Party Advisory

https://support.f5.com/csp/article/K58502654

Source: cve@mitre.org

Third Party Advisory

https://support.f5.com/csp/article/K58502654?utm_source=f5support&amp%3Butm_medium=RSS

Source: cve@mitre.org

https://usn.ubuntu.com/4145-1/

Source: cve@mitre.org

Third Party Advisory

http://packetstormsecurity.com/files/154228/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.4

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7fafcfdf6377b18b2a726ea554d6e593ba44349f

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitMailing ListVendor Advisory

https://github.com/torvalds/linux/commit/7fafcfdf6377b18b2a726ea554d6e593ba44349f

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://seclists.org/bugtraq/2019/Aug/48

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://security.netapp.com/advisory/ntap-20190905-0002/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://support.f5.com/csp/article/K58502654

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://support.f5.com/csp/article/K58502654?utm_source=f5support&amp%3Butm_medium=RSS

Source: af854a3a-2127-422b-91ae-364da2661108

https://usn.ubuntu.com/4145-1/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.