vulnerability
Oracle Linux: CVE-2018-20856: ELSA-2019-3055: kernel security and bug fix update (IMPORTANT) (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:L/AC:H/Au:S/C:C/I:C/A:C) | 2019-07-26 | 2019-10-18 | 2025-01-23 |
Severity
6
CVSS
(AV:L/AC:H/Au:S/C:C/I:C/A:C)
Published
2019-07-26
Added
2019-10-18
Modified
2025-01-23
Description
An issue was discovered in the Linux kernel before 4.18.7. In block/blk-core.c, there is an __blk_drain_queue() use-after-free because a certain error case is mishandled.
A flaw was found in the Linux kernel’s block driver implementation (blk_drain_queue() function) where a use-after-free condition could be triggered while draining the outstanding command queue in the systems block device subsystem. An attacker could use this flaw to crash the system or corrupt local memory, which may lead to privilege escalation.
A flaw was found in the Linux kernel’s block driver implementation (blk_drain_queue() function) where a use-after-free condition could be triggered while draining the outstanding command queue in the systems block device subsystem. An attacker could use this flaw to crash the system or corrupt local memory, which may lead to privilege escalation.
Solution
oracle-linux-upgrade-kernel-uek
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.