Base Score

HIGH7

CVE-2014-9940

The regulator_ena_gpio_free function in drivers/regulator/core.c in the Linux kernel before 3.19 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted application.

VectorLOCAL

Published Bysecurity@android.com

Published DateMay 02, 2017, 21:59

Weakness Type (CWE):CWE-416

CVSS Metrics

Base Score

Vector String

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Base Severity

HIGH

Version

3.1

Attack Vector (AV)

LOCAL

Attack Complexity (AC)

HIGH

Privileges Required (PR)

NONE

User Interaction (UI)

REQUIRED

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

HIGH

References

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=60a2362f769cf549dc466134efe71c8bf9fbaaba
http://www.debian.org/security/2017/dsa-3945
http://www.securityfocus.com/bid/98195
https://github.com/torvalds/linux/commit/60a2362f769cf549dc466134efe71c8bf9fbaaba
https://source.android.com/security/bulletin/2017-05-01

Base Score

HIGH7

Weakness Type (CWE):CWE-416

CVSS Metrics

Base Score

Vector String

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Base Severity

HIGH

Version

3.1

Attack Vector (AV)

LOCAL

Attack Complexity (AC)

HIGH

Privileges Required (PR)

NONE

User Interaction (UI)

REQUIRED

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

HIGH