CVE-2018-10902
HIGH7.8EPSS 0.04%linux - security update
Published: 8/21/2018Modified: 4/28/2026
Description
It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl() handler in rawmidi.c file. A malicious local attacker could possibly use this for privilege escalation.
Affected packages (3)
- Debian/linuxfrom 0, < 4.17.15-1
- Debian/linuxfrom 0, < 4.9.110-3+deb9u5
- Debian/linux-4.9from 0, < 4.9.110-3+deb9u5~deb8u1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.8 | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |