Double Free

2022-08-0403:09:20

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.0004 Low

EPSS

Percentile

14.3%

JSON

Linux kernel is vulnerable to double free. The vulnerability exists in usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c because is no need to call dev_kfree_skb() when usb_submit_urb() fails because can_put_echo_skb() deletes original skb and can_free_echo_skb() deletes the cloned skb causing a double free.

CPENameOperatorVersion
linux-gke-5.4:bioniceq5.4.0.1025.12
linux-gke-5.4:bioniceq5.4.0.1030.16
linux-gke-5.4:bioniceq5.4.0.1024.11
linux-gke-5.4:bioniceq5.4.0.1052.55~18.04.17
linux-gke-5.4:bioniceq5.4.0.1021.8
linux-gke-5.4:bioniceq5.4.0.1029.15
linux-gke-5.4:bioniceq5.4.0.1022.9
linux-gcp:focaleq5.4.0.1029.37
linux-gcp:focaleq5.4.0.1021.19
linux-gcp:focaleq5.4.0.1009.9

Name	Operator	Version
linux-gke-5.4:bionic	eq	5.4.0.1025.12
linux-gke-5.4:bionic	eq	5.4.0.1030.16
linux-gke-5.4:bionic	eq	5.4.0.1024.11
linux-gke-5.4:bionic	eq	5.4.0.1052.55~18.04.17
linux-gke-5.4:bionic	eq	5.4.0.1021.8
linux-gke-5.4:bionic	eq	5.4.0.1029.15
linux-gke-5.4:bionic	eq	5.4.0.1022.9
linux-gcp:focal	eq	5.4.0.1029.37
linux-gcp:focal	eq	5.4.0.1021.19
linux-gcp:focal	eq	5.4.0.1009.9