vulnerability

Oracle Linux: CVE-2019-20934: ELSA-2021-2725: kernel security and bug fix update (IMPORTANT) (Multiple Advisories)

Severity
4
CVSS
(AV:L/AC:H/Au:S/C:P/I:N/A:C)
Published
Jul 16, 2020
Added
Jan 8, 2021
Modified
Jan 23, 2025

Description

An issue was discovered in the Linux kernel before 5.2.6. On NUMA systems, the Linux fair scheduler has a use-after-free in show_numa_stats() because NUMA fault statistics are inappropriately freed, aka CID-16d51a590a8c.
A flaw was found in the Linux kernel’s implementation of displaying NUMA statistics, where displaying the scheduler statistics could trigger a use-after-free in show_numa_stats() and display the kernel memory to userspace. The highest threat from this vulnerability is to system availability.

Solution(s)

oracle-linux-upgrade-kerneloracle-linux-upgrade-kernel-uek
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.