SecBoard
Zurück zur CVE-Übersicht

CVE-2018-10902

MEDIUM(4.6)

AV:L/AC:L/Au:N/C:P/I:P/A:P

Risk Signal Score12/100 — NIEDRIG
  • CVSS 4.6 — Mittel

EPSS-Score

1%

Exploit-Wahrscheinlichkeit (30 Tage)

CVSS Score

4.6

Technische Schwere

Beschreibung

It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl() handler in rawmidi.c file. A malicious local attacker could possibly use this for privilege escalation.

Referenzen