Oracle Linux: CVE-2020-12770: ELSA-2020-4060: kernel security, bug fix, and enhancement update (IMPORTANT) (Multiple Advisories)

Severity: 6
CVSS: (AV:L/AC:L/Au:M/C:C/I:C/A:C)
Published: Apr 14, 2020
Added: Jul 22, 2020
Modified: Jan 23, 2025

Description

An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a certain failure case, aka CID-83c6f2390040.
A vulnerability was found in sg_write in drivers/scsi/sg.c in the SCSI generic (sg) driver subsystem. This flaw allows an attacker with local access and special user or root privileges to cause a denial of service if the allocated list is not cleaned with an invalid (Sg_fd * sfp) pointer at the time of failure, and possibly to leak kernel internal information.

Solution(s)

oracle-linux-upgrade-kernel
oracle-linux-upgrade-kernel-uek