Double free in Linux kernel - CVE-2017-2596

 


Published: August 2, 2017


Vulnerability identifier: #VU7664
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-2596
CWE-ID: CWE-415
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel

Detailed vulnerability description

The vulnerability allows a local attacker to gain elevated privileges or cause a DoS condition.

The weakness exists due to improper emulation of the VMXON instruction by the nested_vmx_check_vmptr function. A local attacker can leverage the mishandling of page references, trigger a double free error, and gain elevated privileges or cause the application to crash.

Successful exploitation of the vulnerability results in denial of service.

How to mitigate CVE-2017-2596

Update to version 4.10.1.
