vulnerability
Oracle Linux: CVE-2019-19767: ELSA-2020-4060: kernel security, bug fix, and enhancement update (IMPORTANT) (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:L/AC:L/Au:N/C:N/I:N/A:C) | Nov 7, 2019 | Oct 7, 2020 | Jan 23, 2025 |
Severity
5
CVSS
(AV:L/AC:L/Au:N/C:N/I:N/A:C)
Published
Nov 7, 2019
Added
Oct 7, 2020
Modified
Jan 23, 2025
Description
The Linux kernel before 5.4.2 mishandles ext4_expand_extra_isize, as demonstrated by use-after-free errors in __ext4_expand_extra_isize and ext4_xattr_set_entry, related to fs/ext4/inode.c and fs/ext4/super.c, aka CID-4ea99936a163.
A use-after-free flaw was found in the Linux kernel’s ext4 file system functionality when the user mount ext4 partition, with the usage of an additional debug parameter is defining an extra inode size. If this parameter has a non zero value, this flaw allows a local user to crash the system when inode expansion happens.
A use-after-free flaw was found in the Linux kernel’s ext4 file system functionality when the user mount ext4 partition, with the usage of an additional debug parameter is defining an extra inode size. If this parameter has a non zero value, this flaw allows a local user to crash the system when inode expansion happens.
Solution(s)
oracle-linux-upgrade-kerneloracle-linux-upgrade-kernel-uek
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.