CVE-2019-3896

CWE-416 — Use After Free CWE-4157 documents7 sources

Severity

7.8HIGH

EPSS

0.1%

top 79.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel THE Linux Foundation Kernel Redhat Enterprise Linux Desktop +3 more

Timeline

PublishedJun 19

Latest updateMay 24

Description

A double-free can happen in idr_remove_all() in lib/idr.c in the Linux kernel 2.6 branch. An unprivileged local attacker can use this flaw for a privilege escalation or for a system crash and a denial of service (DoS).

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages6 packages

▶NVDlinux/linux_kernel2.6.0 — 2.6.39.4

▶CVEListV5the_linux_foundation/kernel2.6.32

▶Debianlinux< 3.2.41-1+3

▶NVDredhat/enterprise_linux_server6.0

▶NVDredhat/enterprise_linux_desktop6.0

Also affects: Enterprise Linux 6.5, 6.6

🔴Vulnerability Details

GHSA

GHSA-2p8m-h2q6-92v8: A double-free can happen in idr_remove_all() in lib/idr↗2022-05-24

▶

OSV

CVE-2019-3896: A double-free can happen in idr_remove_all() in lib/idr↗2019-06-19

▶

CVEList

CVE-2019-3896: A double-free can happen in idr_remove_all() in lib/idr↗2019-06-18

▶

📋Vendor Advisories

Red Hat

kernel: Double free in lib/idr.c↗2019-06-17

▶

Debian

CVE-2019-3896: linux - A double-free can happen in idr_remove_all() in lib/idr.c in the Linux kernel 2....↗2019

▶

💬Community

Bugzilla

CVE-2019-3896 kernel: Double free in lib/idr.c↗2019-04-01

▶