CVE-2018-7480

Published: Feb 25, 2018Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

The blkcg_init_queue function in block/blk-cgroup.c in the Linux kernel before 4.11 allows local users to cause a denial of service (double free) or possibly have unspecified other impact by triggering a creation failure.

Affected (7)

Products: Linux: Linux Kernel · Canonical: Ubuntu Linux · Debian: Debian Linux

1 product

1 product

1 product

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	From 4.1.41 to 4.1.51
Linux Linux Kernel	From 4.10 to 4.11
Linux Linux Kernel	From 4.3 to 4.4.123
Linux Linux Kernel	From 4.5 to 4.9.89

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 14.04
Canonical Ubuntu Linux	Version 16.04
Debian Debian Linux	Version 9.0

Related CWEs

CWE-415

Double Free

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

References (12)

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9b54d816e00425c3a517514e0d677bb3cec49258

Source: cve@mitre.org

PatchVendor Advisory

https://github.com/torvalds/linux/commit/9b54d816e00425c3a517514e0d677bb3cec49258

Source: cve@mitre.org

PatchVendor Advisory

https://usn.ubuntu.com/3654-1/

Source: cve@mitre.org

Third Party Advisory

https://usn.ubuntu.com/3654-2/

Source: cve@mitre.org

Third Party Advisory

https://usn.ubuntu.com/3656-1/

Source: cve@mitre.org

Third Party Advisory

https://www.debian.org/security/2018/dsa-4188

Source: cve@mitre.org

Third Party Advisory

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9b54d816e00425c3a517514e0d677bb3cec49258