- CVSS Score
- CVSS Details
- Attack vector
- Attack complexity
- Privileges required
- User interaction
- CVSS Vector
- Affected OSes
- Affected Functions
Affected versions of
sys-info use a static, global, list to store temporary disk information while running. The function that cleans up this list,
DFCleanup, assumes a single threaded environment and will try to free the same memory twice in a multithreaded environment.
This results in consistent double-frees and segfaults when calling
sys_info::disk_info from multiple threads at once.
The issue was fixed by moving the global variable into a local scope.
Advisory available under CC0-1.0