PT-2018-2558 · Linux+4 · Linux Kernel+4

Andrej Nemec

·

Published

2018-07-17

·

Updated

2023-02-12

·

CVE-2018-10902

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux Kernel (affected versions not specified)
Description The issue is related to a double free error in the snd rawmidi ioctl() handler, specifically in the rawmidi.c file, which can be exploited by a malicious local attacker for privilege escalation. This could potentially impact the confidentiality, integrity, and availability of protected information.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Use After Free

Double Free

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-416CWE-415

Related Identifiers

BDU:2019-00977
CESA-2018_3083
CESA-2019_0415
CVE-2018-10902
DLA-1529-1
DLA-1531-1
DSA-4308-1
OPENSUSE-SU-2018_2738-1
OPENSUSE-SU-2018_3071-1
RHSA-2018:3083
RHSA-2018:3096
RHSA-2018_3083
RHSA-2018_3096
RHSA-2019:0415
RHSA-2019:0641
RHSA-2019:3217
RHSA-2019:3967
RHSA-2019_0415
SUSE-SU-2018:2538-1
SUSE-SU-2018:2539-1
SUSE-SU-2018:2775-1
SUSE-SU-2018:2776-1
SUSE-SU-2018:2787-1
SUSE-SU-2018:2858-1
SUSE-SU-2018:2860-1
SUSE-SU-2018:2862-1
SUSE-SU-2018:2864-1
SUSE-SU-2018:2879-1
SUSE-SU-2018:2907-1
SUSE-SU-2018:2908-1
SUSE-SU-2018:2908-2
SUSE-SU-2018:2940-1
SUSE-SU-2018:2960-1
SUSE-SU-2018:2961-1
SUSE-SU-2018:2962-1
SUSE-SU-2018:2963-1
SUSE-SU-2018:3029-1
SUSE-SU-2018:3083-1
SUSE-SU-2018:3084-1
SUSE-SU-2018:3088-1
SUSE-SU-2018:3961-1
SUSE-SU-2018_2787-1
SUSE-SU-2018_2864-1
SUSE-SU-2018_2940-1
SUSE-SU-2018_2960-1
SUSE-SU-2021:0452-1
USN-3776-1
USN-3776-2
USN-3847-1
USN-3847-2
USN-3847-3
USN-3849-1
USN-3849-2
ZDI-18-965

Affected Products

Centos
Linux Kernel
Red Hat
Suse
Ubuntu