Oracle Linux: CVE-2018-9422: ELSA-2022-9852: Unbreakable Enterprise kernel security update (IMPORTANT) (Multiple Advisories)

Severity: 1
CVSS: (AV:L/AC:H/Au:S/C:N/I:N/A:P)
Published: Feb 9, 2016
Added: Oct 5, 2022
Modified: Jan 23, 2025

Description

In get_futex_key of futex.c, there is a use-after-free due to improper locking. This could lead to local escalation of privilege with no additional privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-74250718. References: Upstream kernel.
Non-optimized code for key handling of shared futexes was found in the Linux kernel in the form of unbounded contention time due to the page lock for real-time users. Before the fix, the page lock was an unnecessarily heavy lock for the futex path that protected too much. After the fix, the page lock is only required in a specific corner case.

Solution

oracle-linux-upgrade-kernel-uek