
Oracle Linux: CVE-2018-10021: ELSA-2019-4316: Unbreakable Enterprise kernel security update (IMPORTANT) (Multiple Advisories)

Severity: 1
CVSS: (AV:N/AC:H/Au:N/C:N/I:N/A:N)
Published: 03/08/2018
Added: 09/05/2018
Modified: 01/23/2025

Description

drivers/scsi/libsas/sas_scsi_host.c in the Linux kernel before 4.16 allows local users to cause a denial of service (ata qc leak) by triggering certain failure conditions. NOTE: a third party disputes the relevance of this report because the failure can only occur for physically proximate attackers who unplug SAS Host Bus Adapter cables.
The code in the drivers/scsi/libsas/sas_scsi_host.c file in the Linux kernel allows a physically proximate attacker to cause a memory leak in the ATA command queue and, thus, a denial of service by triggering certain failure conditions.

Solution

oracle-linux-upgrade-kernel-uek