CVE-2017-18595
kernel: double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An issue was discovered in the Linux kernel before 4.14.11. A double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c.
Se detectó un problema en el kernel de Linux versiones anteriores a 4.14.11. Una doble liberación puede ser causada por la función allocate_trace_buffer en el archivo kernel/trace/trace.c.
A flaw was found in the allocate_trace_buffer in kernel/trace/trace.c in the debug subsystem, when failure to allocate a dynamic percpu area, a resource cleanup is called. The pointer (buf->buffer) still holds the address and is not set to NULL, which can cause a use-after-free problem, leading to a dangling pointer issue.
The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include bypass, denial of service, double free, integer overflow, memory leak, null pointer, and use-after-free vulnerabilities.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-09-04 CVE Reserved
- 2019-09-04 CVE Published
- 2024-08-05 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-415: Double Free
- CWE-416: Use After Free
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.11 | Mailing List |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4397f04575c44e1440ec2e49b6302785c95fd2f8 | 2024-03-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.10 < 3.16.55 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.10 < 3.16.55" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.17 < 3.18.91 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.17 < 3.18.91" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.19 < 4.1.50 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.19 < 4.1.50" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.2 < 4.4.109 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.2 < 4.4.109" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.5 < 4.9.74 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.5 < 4.9.74" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.10 < 4.14.11 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.10 < 4.14.11" | - |
Affected
| ||||||
| Opensuse Search vendor "Opensuse" | Leap Search vendor "Opensuse" for product "Leap" | 15.0 Search vendor "Opensuse" for product "Leap" and version "15.0" | - |
Affected
| ||||||
| Opensuse Search vendor "Opensuse" | Leap Search vendor "Opensuse" for product "Leap" | 15.1 Search vendor "Opensuse" for product "Leap" and version "15.1" | - |
Affected
| ||||||