vulnerability
Oracle Linux: CVE-2018-20856: ELSA-2019-3055: kernel security and bug fix update (IMPORTANT) (Multiple Advisories)
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
6 | (AV:L/AC:H/Au:S/C:C/I:C/A:C) | Jul 26, 2019 | Oct 18, 2019 | Jan 23, 2025 |
Severity
6
CVSS
(AV:L/AC:H/Au:S/C:C/I:C/A:C)
Published
Jul 26, 2019
Added
Oct 18, 2019
Modified
Jan 23, 2025
Description
An issue was discovered in the Linux kernel before 4.18.7. In block/blk-core.c, there is an __blk_drain_queue() use-after-free because a certain error case is mishandled.
A flaw was found in the Linux kernel’s block driver implementation (blk_drain_queue() function) where a use-after-free condition could be triggered while draining the outstanding command queue in the systems block device subsystem. An attacker could use this flaw to crash the system or corrupt local memory, which may lead to privilege escalation.
A flaw was found in the Linux kernel’s block driver implementation (blk_drain_queue() function) where a use-after-free condition could be triggered while draining the outstanding command queue in the systems block device subsystem. An attacker could use this flaw to crash the system or corrupt local memory, which may lead to privilege escalation.
Solution
oracle-linux-upgrade-kernel-uek

NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.