CVE-2018-7480: Double Free in Kernel

Severity
7.8 HIGH (NVD)
OSV: 5.5
EPSS: 0.1% (top 75.13%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Feb 25
Latest update: May 14

Description

The blkcg_init_queue function in block/blk-cgroup.c in the Linux kernel before 4.11 allows local users to cause a denial of service (double free) or possibly have unspecified other impact by triggering a creation failure.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (4 packages)

NVD | linux/linux_kernel | 4.1.41 4.1.51 | +3
Debian | linux/linux_kernel | < 4.11.6-1 | +3
Ubuntu | linux/linux_kernel | < 4.4.0-127.153
debian | debian/linux | < linux 4.11.6-1 (bookworm)

Also affects: Debian Linux 9.0, Ubuntu Linux 14.04, 16.04

Patches

🔴 Vulnerability Details (5)

GHSA | GHSA-7c73-ppwr-83wp: The blkcg_init_queue function in block/blk-cgroup | 2022-05-14
OSV | linux, linux-aws, linux-kvm, vulnerabilities | 2018-05-22
OSV | linux-lts-xenial, linux-aws vulnerabilities | 2018-05-22
OSV | linux-raspi2, linux-snapdragon vulnerabilities | 2018-05-22
OSV | CVE-2018-7480: The blkcg_init_queue function in block/blk-cgroup | 2018-02-25

📋 Vendor Advisories (5)

Ubuntu | Linux kernel vulnerabilities | 2018-05-22
Ubuntu | Linux kernel (Raspberry Pi 2, Snapdragon) vulnerabilities | 2018-05-22
Ubuntu | Linux kernel (Xenial HWE) vulnerabilities | 2018-05-22
Red Hat | kernel: Double free in block/blk-cgroup.c:blkcg_init_queue() can allow a local user to cause a denial of service | 2018-02-25
Debian | CVE-2018-7480: linux - The blkcg_init_queue function in block/blk-cgroup.c in the Linux kernel before 4... | 2018

💬 Community (1)

Bugzilla | CVE-2018-7480 kernel: Double free in block/blk-cgroup.c:blkcg_init_queue() can allow a local user to cause a denial of service | 2018-02-27