vulnerability
Oracle Linux: CVE-2019-12380: ELSA-2020-5913: Unbreakable Enterprise kernel security update (IMPORTANT) (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:L/AC:L/Au:N/C:N/I:N/A:C) | 2019-05-25 | 2020-11-11 | 2025-01-23 |
Severity
5
CVSS
(AV:L/AC:L/Au:N/C:N/I:N/A:C)
Published
2019-05-25
Added
2020-11-11
Modified
2025-01-23
Description
**DISPUTED** An issue was discovered in the efi subsystem in the Linux kernel through 5.1.5. phys_efi_set_virtual_address_map in arch/x86/platform/efi/efi.c and efi_call_phys_prolog in arch/x86/platform/efi/efi_64.c mishandle memory allocation failures. NOTE: This id is disputed as not being an issue because “All the code touched by the referenced commit runs only at boot, before any user processes are started. Therefore, there is no possibility for an unprivileged user to control it.”.
A flaw was found in the Linux kernel's implementation of UEFI. An attacker who can influence early-boot memory initialization could possibly influence firmware initialization and memory allocations, resulting in a panic of a guest or target system during early boot of that same system.
A flaw was found in the Linux kernel's implementation of UEFI. An attacker who can influence early-boot memory initialization could possibly influence firmware initialization and memory allocations, resulting in a panic of a guest or target system during early boot of that same system.
Solution
oracle-linux-upgrade-kernel-uek
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.