Oracle Linux: CVE-2019-11487: ELSA-2020-0834: kernel security, bug fix, and enhancement update (IMPORTANT) (Multiple Advisories)

The Linux kernel before 5.1-rc5 allows page->_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can occur with FUSE requests.
A flaw was found in the Linux kernel's implementation of the FUSE filesystem, where it allows a page reference counter overflow. If a page reference counter overflows into a negative value, it can be placed back into the "free" list for reuse by other applications. This flaw allows a local attacker who can manipulate memory page reference counters to cause memory corruption and possible privilege escalation by triggering a use-after-free condition.
The current attack requires the system to have approximately 140 GB of RAM for this attack to be performed. It may be possible that the attack can occur with fewer memory requirements.