Main Vulnerability Database SB2019022621

SB2019022621 - Red Hat update for kernel

Published: February 26, 2019

Security Bulletin ID SB2019022621

CSH Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Double-free memory error (CVE-ID: CVE-2018-10902)

CWE-ID: CWE-415 - Double Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The vulnerability exists due to double-free memory error in snd_rawmidi_input_params() and snd_rawmidi_output_status() in 'rawmidi.c'. A local attacker can gain elevated privileges and execute arbitrary code.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Remediation

Install update from vendor's website.

References

https://access.redhat.com/errata/RHSA-2019:0415

SB2019022621 - Red Hat update for kernel

Breakdown by Severity

Description

Remediation

References

Please verify you're human