CVE-2019-3896

CVSS v3.0 7.8 (High)

CVSS v2.0 7.2 (High)

EPSS 0.04 % (5^th)

Affected Products 5

Advisories 2

A double-free can happen in idr_remove_all() in lib/idr.c in the Linux kernel 2.6 branch. An unprivileged local attacker can use this flaw for a privilege escalation or for a system crash and a denial of service (DoS).

Weaknesses

CWE-415: Double Free
CWE-416: Use After Free

CVE Status: PUBLISHED
CNA: Red Hat, Inc.
Published Date: 2019-06-19 00:15:13
(5 years ago)
Updated Date: 2023-02-12 23:38:49
(19 months ago)

Affected Products

Linux

Linux Kernel

Redhat

Configuration #1

		CPE23	From	Up To
	Linux Kernel from 2.6.0 version and 2.6.39.4 and prior versions	cpe:2.3:o:linux:linux_kernel	>= 2.6.0	<= 2.6.39.4

Configuration #2

		CPE23	From	Up To
	Redhat Enterprise Linux Desktop 6.0	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0
	Redhat Enterprise Linux Server 6.0	cpe:2.3:o:redhat:enterprise_linux_server:6.0
	Redhat Enterprise Linux Server Aus 6.5	cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5
	Redhat Enterprise Linux Server Aus 6.6	cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6
	Redhat Enterprise Linux Workstation 6.0	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0